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TIRA WIRELESS LETS OUT 
JAVA PORTING SERVICE 

Jump platform has customers doing some 
of the work of targeting J2ME devices 

BY EDWARD J. CORREIA 

Write once, port many times. 
That variation of Sun's Java cre- 
do might seem more appropri- 
ate to J2ME developers target- 
ing the hundreds of Java 
handsets available today, as 
unique hardware calls often 
require custom code. Tira 
Wireless, which since 2001 has 
built a business on that frag- 
mentation, on Jan. 31 was set to 
release the Tira Jump Product 
Suite, a productized version of 
its Java porting service that it 
claims automatically adjusts 
J2ME source code to run on a 
► continued on page 21 




The company was having trouble 
keeping up with demand, says 
Tira's Seifried. 



It's Troux! 
Computas N.A., 
Metis Acquired 



BY DAVID RUBINSTEIN 

In a bid to offer a single solu- 
tion for enterprise architecture 
modeling and management, 
Austin, Texas-based Troux has 
acquired Computas N.A., a 
subsidiary of Computas in Oslo, 
Norway, for a reported US$30 
million in cash. 

Computas developed Metis, 
a solution for enterprise archi- 
tecture (EA) modeling that has 
gained significant traction in 
the U.S. government, where 
numerous agencies use it to 
understand the assets they have 
as well as to provide a forward- 
looking model of where they 
need to go, according to Jonas 
Lamis, director of strategic 
marketing at Troux. 

Troux (pronounced "true") 
sells EA and IT governance and 
management software, mostly to 
commercial concerns in the 
United States. Prior to the acqui- 
sition, Lamis said Troux had 
been looking for ways to expand 
its position in the governmental 
arena. He would not confirm the 
dollar amount of the transaction. 



Merging the two companies' 
assets will not be a trivial devel- 
opment effort, Lamis said, 
because Metis is a client/server 
application with a heavy desk- 
top component, while Troux's 
software is Web-based. "The 
best thing we can offer at the 
outset is a common data mod- 
el," he said. "The products are 
linked completely from an 
information management per- 
spective." Decisions as to which 
pieces of Metis will be ported 
to a Web architecture, and 
which will remain on the desk- 
top, have yet to be made. 

Lamis said the merger repre- 
sents an important step in the 
evolution of enterprise architec- 
tures. "Modeling for modelings 
sake is not good enough any- 
more," he said. "You have to 
have a business reason." 

Public and commercial con- 
cerns need to become more 
aware of where their informa- 
tion exists, to collect it into a 
model-driven repository and 
build applications on top of 
► continued on page 17 



Taking the Extreme out of Extreme Programming 

Kent Beck insists XP is not dogma, but next to other agile methods, it has a lot to say 



BY JENNIFER DEJONG 

Is XP evolving into a not-so- 
extreme way of working? 

Yes, suggests Kent Beck, 
author of the popular agile 
programming methodology, in 
the recently published second 
edition of his book "Extreme 
Programming Explained: Em- 
brace Change," released in 
November 2004. 

"Critics of the first edition 
[1999] have complained that it 
tries to force them to program 
in a certain way. Aside from 
the absurdity of me being able 
to control anyone else's behav- 
ior, I'm embarrassed to say 




'[Agile methods] all focus on working 
software, rather than on planning, 
design and requirements. ' 
I —Per Kroll, IBM Rational 

'There's lots of feedback 
and communication but as 
little bureaucracy as possible. ' 
—Alistair Cockburn, on Crystal I 




that was my intention," he 
wrote in the preface. 

Since its inception in 1996, 
XP has been widely perceived as 
an "extreme" departure from tra- 
ditional ways of producing soft- 
ware, which too often delivered 
too little, too late. But now Beck 
is taking a gentler approach. "XP 
is not dogma," he said in a phone 
interview. "I'm not saying, If you 
don't pair-program, you're bad,' " 
he said, referring to one of XP's 
better known practices. 

Pair programming is simply 
one way of enabling close tech- 



nical collaboration. But there 
are others, such as code reviews 
or "technical conversations 
away from your machine," said 
Beck, director of the Three 
Rivers Institute in southern 
Oregon, and a software fellow 



at Agitar Software, in Mountain 
View, Calif. What Beck wants is 
not to prescribe precisely how 
programmers must work, but to 
make them accountable, in 
much the same way that other 
business professionals are. 
"Everyone else is accountable," 
he said. "Salespeople have 
always had quotas to meet." 
Yet, traditionally, programmers 
have long been able to get away 
with saying, "We ship no soft- 
ware before its time." 

If XP's new image takes, more 

teams are likely to adopt it, said 

Robert Holler, CEO of Version 

► continued on page 14 
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Modeling Drawn Down to Scale 



Companies release tools that leverage pieces of full, complex UML specification 



BY DAVID RUBINSTEIN 

Call it UML Lite. 

Unified Modeling Lan- 
guage, the de facto industry 
standard for enterprise soft- 
ware design, has become very 
large and complex, and some 
claim that UML 2.0 is too com- 
plicated for ordinary develop- 
ment teams. So, enter the sub- 
set. Three software vendors last 
month announced products 
they say help simplify and pro- 
vide insight into modeling. 

One of the products, SD 
Metrics 1.3, is believed by its 
creator to be the first product 
on the market to measure the 
structural properties of a UML 
design. Juergen Wuest, founder 
and chief technologist at Ger- 
many-based SD Metrics, said 
there has been a lot of work 
with metrics in the area of 
source code but not at the 
design stage, largely because 
people use many different pro- 
prietary methods of designing 
their software. "When UML 
became a standard, it made 
something like this possible," 
Wuest said. 

Teams working with large 
numbers of use cases, for exam- 
ple, can break them down into 
diagrams and put them into 
packages, Wuest explained. 



With SD Metrics, the couplings 
between packages can be mea- 
sured and the degree of depen- 
dency between the packages 
can be seen, he said, offering 
insight into how critical a pack- 
age is at the current iteration 
and then moving forward. 

The product, which first 
came to market in January 2003 
and now has been updated with 
a design rule checker, sells for 
€129. The design rule checker 
can spot designs that are incom- 
plete or incorrect, and detect 
problems such as naming con- 
vention violations. Thus, design 
reviewers can catch semantic as 
well as syntactic problems in the 
model, Wuest said. 

SD Metrics works with UML 
modeling and reverse-engineer- 
ing tools that support the XMI 
model interchange format, 
allowing SD Metrics to be used 
by and for the models to be 
exchanged among many differ- 
ent UML tools, Wuest said. 

As for the complexity of 
UML, Wuest said, "Just be- 
cause UML offers a rich portfo- 
lio, you're not forced to use it 
all. There are things that can 
make a model complicated, but 
there are other ways to express 
it that are less complex. You can 
choose simply not to use" those 
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With SD Metrics, a table view presents model elements in rows, while the 
columns show the metrics. 



portions of the spec that add 
complexity. 

Using just one portion of the 
spec is exactly what San Diego- 
based start-up Effexis Software 
has done. The company in 
December released a modeling 
tool designed only for Sequence 
diagrams. "I think of it as a word 
processor for Sequence dia- 
grams," said company founder 
Rodger Constandse. 

The tool's interface provides 
users with forms in which to 
enter information, which then 
is used to automatically draw 
the elements for the diagram. It 



includes Word-like features 
such as autocomplete to speed 
up data input, and automatical- 
ly paginates lengthy diagrams 
when they exceed more than 
one page, Constandse said. 

The company focused on 
Sequence diagrams, he said, 
because "Visio and the other 
tools do a good job with the oth- 
er diagrams. Sequence diagrams 
are tedious, with more things to 
do manually, and they're very 
difficult to maintain." He said 
telecommunications and wire- 
less companies can benefit from 
the simplicity Effexis' Sequence 



Diagram Editor provides for 
designing complex systems. The 
tool sells for US$49 per user. 

Meanwhile, another compa- 
ny has released the latest version 
of its design tool, which can be 
used by organizations with little 
knowledge of UML altogether. 

SmartDraw 7 Technical Edi- 
tion — one of five packages 
offered by SmartDraw for differ- 
ent tasks — can be used to create 
UML-like drawings, according 
to CEO Paul Stannard. "You can 
divide the UML thing into dis- 
tinct groups," he said. "There are 
those who do real code-generat- 
ing UML modeling, who are less 
focused on the diagrams than on 
developing a framework for 
code. Then there are those who 
want to use diagrams that are 
UML-like to communicate with 
each other but who later want to 
write their own code." With full 
UML tools, he said, "the tail 
wags the dog if all you want is the 
diagram." 

For software development 
teams, the US$198 SmartDraw 7 
Technical Edition has what Stan- 
nard called greatly improved 
UML symbol sets, and comes 
with a beginner's guide to UML, 
featuring tutorials that explain 
the symbols and teach the con- 
cepts of UML. I 



Microsoft Resetting Agenda for Citrix Systems? 

Longhorn likely to include terminal emulation features previously found only in MetaFrame 



BY JENNIFER DEJONG 

Independent software vendors 
always walk a fine line with 
Microsoft. And with Longhorn 
on the horizon, the delicate bal- 
ance that defines all partner/ 
competitor relationships is like- 
ly to shift once more. 

The latest company looking 
to regain its footing with the 
software giant is Fort Laud- 
erdale, Fla.-based Citrix Sys- 
tems, whose MetaFrame Access 
Suite is built on top of Terminal 
Server, part of Windows Server 
2003. Late last year, Citrix and 
Microsoft signed an agreement 
that extends their longstanding 
partnership for five more years. 
It stipulates that Citrix's 
MetaFrame will support Long- 
horn, the forthcoming version 
of Windows Server expected 
next year. 



'Microsoft offers a baseline solution. They want 
partners to build on their technology/ 

-Nabeel Youakim, Citrix 



In addition, the agreement 
formally grants Citrix continued 
access to Windows source code, 
calls for Citrix to collaborate 
with Microsoft to extend Win- 
dows Terminal Server, and pro- 
vides for patent cross-licensing 
between the two companies, 
said Citrix's Nabeel Youakim, 
who manages the company's 
relationship with Microsoft. 

Continued collaboration is 
crucial for Citrix customers, 
who use MetaFrame to deliver 
Windows applications without 
having to install those applica- 
tions on the desktop. But the 
agreement also moves the part- 
nership into a more competitive 



arena, Youakim acknowledged, 
because Longhorn is likely to 
incorporate terminal emulation 
capabilities previously available 
only in MetaFrame. "But we 
don't mind," he said. "The 
agreement is good news for Cit- 
rix because it means Microsoft 
is investing in the platform." 

The partnership was formally 
established in 1997, when Citrix 
licensed to Microsoft the code 
that became the foundation of 
Terminal Server. MetaFrame 
builds on Terminal Server's more 
rudimentary terminal emula- 
tion capabilities, adding securi- 
ty and management features 
that enable customers to connect 



as many as 1,000 desktops and 
devices, including those that 
can't run Windows, to a server. 

"Microsoft offers a baseline 
solution. They want partners to 
build on their technology," 
Youakim said, describing a 
model that defines many 
Microsoft/partner relationships. 
Asked what terminal emulation 
capabilities Longhorn is likely 
to include, Microsoft did not 
specify. The company declined 
a request for an interview. But 
Steve Anderson, a director in 
the Windows Server division at 
Microsoft, said in a statement: 
"This collaboration will enable 
Citrix to continue to embrace 
and extend the features of the 
baseline Terminal Server solu- 
tion. Customers will benefit 
from this agreement because it 
will help ensure that Citrix 



products will run well on future 
versions of the Windows Server 
operating system." 

Youakim did not provide 
specific answers, either. Nor 
did he say how Citrix plans to 
evolve its MetaFrame offering 
in light of the expected overlap 
with Longhorn. 

It may not be a partnership 
between equals, but Citrix is 
likely to have more clout than 
most Microsoft partners. Be- 
cause each MetaFrame cus- 
tomer must also purchase a Win- 
dows Terminal Server license, 
Citrix generates ongoing rev- 
enue for Microsoft, which 
Youakim estimated to be about 
US$300 million for fiscal 2004, 
"with very little effort on 
Microsoft's part." Citrix earned 
Microsoft's Global ISV Partner 
of the Year award for 2003. I 
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Making PostgreSQL More Pervasive 

Company is latest to launch open-source strategy, with IT database 



BY EDWARD J. CORREIA 

Another company is hitching its 
wagon to open source. Perva- 
sive Software in January un- 
veiled a new open-source and 



mainstream database strategy 
that builds upon PostgreSQL, 
the object-relational DBMS 
developed at the University of 
California at Berkeley The com- 



pany says it will release Pervasive 
Postgres in mid-February; an 
early access version is available 
now at wwwpervasive-postgres 
.com/downloads. 



"The world doesn't need 
another database technology," 
said Lance Obermeyer, Perva- 
sive s director of products, of the 
company's decision to enhance 
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an existing product in favor of 
building something new or mod- 
ifying Pervasive. SQL, its appli- 
cation-specific database. "The 
markets are complementary," he 
said, adding that he does not 
expect either product to inter- 
fere with sales of the other. "Per- 
vasive. SQL is sold through ISVs 
while the mainstream database 
market goes through IT." 

Obermeyer said revenue 
from the free software will 
come from the sales of service 
and support contracts. Support 
costs US$1,999 per server per 
year; round-the-clock service 
costs $4,999. Additional rev- 
enues are expected from migra- 
tion, training, tuning and other 
professional services. 

Pervasive will compete with 
MySQL and, to a lesser degree, 
Computer Associates and its 
Ingres open-source database. 
"Ingres is certainly an impor- 
tant technology, but there isn't a 
lot of mindshare around it. Our 




PostgreSQL has a business-friendly 
license, says Pervasive's Obermeyer. 

main competitor will be 
MySQL, which has established 
an early lead for developers 
building brand-new applica- 
tions that require an open- 
source database. But Post- 
greSQL is well positioned to 
challenge that leadership 
because of its technology and 
business-friendly license." 

And its BSD license, Ober- 
meyer said, was a major factor 
behind the selection of Post- 
greSQL. "It's the most busi- 
ness-friendly license and allows 
Pervasive Postgres to be used in 
any environment for free." Not 
so with MySQL's GPL, which 
he said often compels corporate 
developers to buy a commercial 
license when deploying data- 
bases with a proprietary or 
closed-source program. 

Based on PostgreSQL ver- 
sion 8, Pervasive Postgres will 
be bundled with tools for 
administration, ODBC/JDBC 
and other connectivity drivers 
and integrated components. 

The software is available 
for Linux and Windows. I 
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Jlnspired Tracing Tool Profiles J2EE Apps 



BY JENNIFER DEJONG 

Jlnspired, a small company in 
Voorhout, Netherlands, has 
announced a tool that lets devel- 
opers profile J2EE applications 
to improve performance. 

JXInsight automates the 
process of tracing code to 
determine how it will behave 
when executed as part of a dis- 
tributed application that 
includes multiple components, 
said the company's chief tech- 
nology officer, William Louth. 
"There is a disconnect between 
developer understanding of 
what the code needs to do and 
what actually happens when it 
is executed." Many developers 
attempt to analyze code by 
manually inserting trace state- 
ments, "but that approach does 
not capture enough contextual 
information," he said. 

AutomateTest 
Tracks Changes 
In PeopleSoft 

BY YVONNE L. LEE 

To hear Newmerix s chief tech- 
nology officer Niel Robertson 
tell it, the volumes of test scripts 
organizations have built break 
whenever IT staffers apply a 
patch to the packaged software 
on which the tested application 
is built. He believes his compa- 
ny has found a workaround to 
keep them chugging. 

"Any time the application 
changes, your test script can 
become obsolete," he said. 
Newmerix's US$7,500-per-seat 
AutomateTest will test any 
Web-based application, but it 
will read metadata for People- 
Soft applications and determine 
the function of code segments. 
This enables the software to 
suggest fixes when the software 
finds an error, Robertson said. 

AutomateTests maintenance 
feature synchronizes test suites 
against the PeopleSoft metadata. 
Synchronization creates a file 
that identifies all the PeopleSoft 
metadata objects and object 
attributes that have been 
touched, either directly or indi- 
rectly, by the test scripts. When a 
change is made to the People- 
Soft environment, AutomateTest 
uses an interface called the Peo- 
pleSoft Navigator to show how 
the change affects test scripts. 

A JD Edwards version is due 
next quarter, Robertson said. I 



JXInsight, which starts at 
US$750 per developer, identi- 
fies transaction ID numbers, 
process, call stack, clock and 
CPU timings; as well as Java 
Virtual Machine events, such as 



garbage collection and thread 
monitor waits and blocks, he 
said. It incorporates the compa- 
ny's earlier offering, JDBIn- 
sight, which analyzes what's 
going on between the applica- 



tion and the database. 

In addition to the server that 
monitors J2EE applications, 
JXInsight, which competes with 
offerings such as Borland's 
ServerTrace, Quest's Performa- 



Sure and Wily Technology's 
Introscope, includes a console 
that reports findings in a graph- 
ical format. The current release 
provides trace extensions for 
EJB, CORBA, Servlets, JDBC 
and SOAP. A subsequent 
release, expected in the second 
quarter of this year, will support 
JMS and JCA, Louth said. I 
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Ul Designer New to Compuware's OptimalJ 



BY DAVID RUBINSTEIN 

An update of its OptimalJ 
development environment to 
version 3.3 is the highlight of a 
series of announcements made 
last month by Compuware. 
The company describes Opti- 



malJ 3.3, announced Jan. 24, as a 
"pragmatic implementation of 
[model-driven architecture]," 
said Mike Burba, launch pro- 
gram manager for OptimalJ, 
describing the ability to create a 
business model, transform that 



model into code, and then elabo- 
rate on the generated code with 
business logic, custom UI fea- 
tures and the like. 

The three key themes of the 
OptimalJ 3.3 release are faster 
development through automa- 



tion, simplification of reuse 
through service enablement, and 
easing collaboration through role 
differentiation and sharing infor- 
mation, said Mike Sawicki, Opti- 
malJ product manager. 

Automation in this instance 




means the ability to provide a 
repeatable process for turning a 
model into a working applica- 
tion, while service enablement 
means taking legacy business 
objects and weaving those 
objects with Java applications, 
Sawicki explained. 

Among the new features in 
version 3.3 is a user interface 
designer, which Sawicki said lets 
companies formalize guidelines 
for the look and feel of the pre- 
sentation layer. "Because the UI 
is the most volatile of Web appli- 
cation components, we want to 
help developers model that and 
use transformation" to minimize 
coding complexity, as the design- 
er is faithful to OptimalJ s model- 
driven features, he said. After 
developers model the view by 
painting forms, it can be bound 
to data services, he added. 

OptimalJ 3.3 also features 
integrations with iWay Software 
adapters, and the Applinx main- 
frame connector solution from 
Sabratec, which last month was 
acquired by Software AG. These 
integrations help OptimalJ users 
create services from legacy appli- 
cations based on terminal data 
streams, Sawicki said. "This 
helps organizations avoid costly 
rewrites to expose legacy apps to 
a wider audience," he explained. 

A new integration with the 
SteelTrace tool from Catalyze 
brings requirements manage- 
ment capability into OptimalJ 
and adds to the solution's col- 
laboration capabilities. "We 
wanted to augment what we 
were doing in the [application] 
life-cycle space," Sawicki said. 

The OptimalJ developer edi- 
tion, based on the IntelliJ IDE, 
sells for US$1,900 per seat; the 
prior version, based on Net- 
Beans, sold for $800. The pro- 
fessional edition adds the UML 
tools and costs $5,000 per seat, 
while the architecture edition, 
which adds pattern-creation 
capabilities, costs $10,000. 

The company also announced 
on Jan. 24 what Burba called a 
minor update to DevPartner for 
Java and unveiled a new tool 
called Vantage Analyzer for 
J2EE, which helps operations 
managers spot bottlenecks in 
Java applications and servers, 
Burba said. Earlier last month, 
the company released two oth- 
er new products — DevPartner 
Fault Simulator, which tests 
native and .NET-managed code; 
and DevPartner Security Check- 
er, which Compuware claims can 
enable developers to locate and 
fix security vulnerabilities in 
ASP.NET applications. I 
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News Briefs 



, COMPANIES , 




Microsoft has announced a migration program for PeopleSoft cus- 
tomers who don't want to become Oracle customers. Microsoft is 
offering discounts and other incentives to encourage PeopleSoft World 
and PeopleSoft EnterpriseOne customers to move to Microsoft's 
Axapta, and for PeopleSoft Enterprise customers to use its Great 
Plains software. 



NEW PRODUCTS 



Microsoft has made a foray into desktop security software with the 
beta release of Windows AntiSpyware, which is available for Windows 
XP Service Pack 2. The company has also introduced a malicious soft- 
ware removal tool . . . Softlntegration is offering a version of its Ch 
C/C++ interpreter for QNX's Neutrino real-time operating system. 



UPGRADES 



Microsoft has begun the second community technology preview of 
SQL Server 2005. New for the second preview is 64-bit support for 
Analysis Services and Integration Services. The preview is available to 
MSDN and Betaplace subscribers. The company also has released 
Express Manager, which is a database administration tool for SQL 
Server 2005 Express Edition, a no-cost version of the database serv- 
er launched last July . . . Capitalware has updated MQ Visual Edit, a 
tool for letting developers and administrators view, manipulate and 
manage messages in a WebSphere MQ gueue. Version 1.3 of the Java- 
based tool offers a number of user-interface enhancements and bug 
fixes, including a single shell script for running it on Linux, Mac OS X 
and Unix . . . The new version of Easy Project .NET, a Windows-based 
project management system from Logic Software, adds a customiz- 
able permissioning system to let 



GigaSpaces: Virtual Runtime Is Reality 

Version 4 of data-grid middleware divides JMS f JDBC 



BY EDWARD J. CORREIA 

Imagine adding servers whenev- 
er a message queue outgrew its 
existing hardware. GigaSpaces 
Technologies, a developer of 
grid middleware for building 
distributed transaction process- 
ing systems, has added virtual 
runtime capability to Enterprise 
Application Grid 4, saying the 
new software permits runtime 
functionality to be spread across 
many CPUs, blades or other 
enterprise computing resources 
as the need arises. 

According to Nati Shalom, 
founder and CTO of the Israel- 
based company, new function- 
ality includes virtual implemen- 
tations of Java Message Service 
and Java Database Connectivity 
specifications. "Before that we 
had a shared-memory data grid. 
Now we've provided JMS and 
JDBC on the data grid layer, 
and caching functionality on 
the shared memory bus." 

The result, Shalom claimed, 
is the ability for JMS queues and 
database tables to span multiple 
machines. "It's not just another 



implementation of those inter- 
faces. A virtual implementation 
means that you can scale applica- 
tions without changing or mov- 
ing the applications. This is all 
transparent to the application," 
given they adhere to those spec- 
ifications, he acknowledged. 

Shalom described the poten- 
tial of such functionality. "If you 
look at middleware stacks today, 
you have a messaging stack that 
is separated from the database 
stack, that is separated from the 
caching stack and other stacks. 
We provide all those interfaces 
built under the same kind of run- 
time," which he claimed enables 
messages written under JMS 
also to be readable through 
JDBC or the caching interfaces, 
simplifying runtime manage- 
ment and reliability. "You no 
longer need a high-availability 
solution for the JMS, a different 
one for the JDBC and another 
for the caching. It's all running 
under a single grid." 

The solution is built around a 
shared-memory kernel that 
Shalom said runs as a process on 



grid machines and enables data 
sharing without degrading local 
performance. The middleware 
provides interfaces for storing, 
accessing and transferring data 
across the kernel, he explained, 
while another layer virtualizes 
all the individual processes and 
provides applications with a sin- 
gle view of individual instances 
as if they were one. 

Reliability also is improved, 
because data is shared across 
multiple machines, he said. "If 
one machine goes down, you 
don't lose the information, even if 
it is in memory. Data in the grid 
is reliable through replication." 

Also new in version 4, which 
starts at around US$15,000 per 
server processor, is automated 
management and provisioning, 
which Shalom said can make 
adjustments to grid allocations 
on demand based on usage. "For 
example, if the amount of data 
increases to a certain level, we 
can detect that and allocate more 
instances in the grid pool." The 
grid software runs on any ma- 
chine with JDK 1.4 or higher. I 
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New Tool Puts Face on Talking Apps 
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Envox VoiceXML competes with Microsoft s SALT-based Speech Server - w eb standards, JO se P h said 

As a Microsoft partner, Envox 



BY JENNIFER DEJONG 

Microsoft has helped spread the 
word on voice-enabled systems. 
But when it comes to teaching 
applications to talk, Speech 
Server, launched last year, is not 
the only game in town. 

Envox Worldwide last month 
announced VoiceXML Studio, 
a tool that lets developers 
use prebuilt "blocks" to create 
the user interface of speech- 
enabled applications based on 
the VoiceXML standard. The 
new offering essentially extends 
Envox 6 Communications Dev- 
elopment Platform, used to 
speech-enable and deploy exist- 
ing Web applications without 
having to rewrite them from 
scratch. "But you still had to 
write the user interface by 
hand," said John Joseph, direc- 
tor of marketing for the West- 
borough, Mass. -based company. 

Studio, which starts at 
US$2,000 per seat, automates 
that process. Used in tandem 
with the communications plat- 
form, it lets developers create 
interactive voice response (IVR) 
applications, such as those that 
let credit card holders activate 
newly issued cards without hav- 
ing to talk to a human being. 
Instead of just pressing keys on 
the telephones touchpad, cus- 
tomers can "speak" responses, 
such as their credit card numbers 
or ZIP codes, said Joseph. 

Studio saves developers from 
having to write the code that 
enables the app to "understand" 
what the customer is saying. 
Instead, it provides a library of 
prebuilt user interface compo- 
nents, called dialog blocks, for 
specific types of information an 
application might request from 
the user, including credit card 
and other account numbers, as 
well as addresses and ZIP codes. 
Developers don't have to deter- 
mine the best way to "accept" 
each type of information and how 
to link it to the speech engine, 
said Joseph. "You simply place 
blocks on the screen and flow- 
chart them," without having to 
master the intricacies of writing 
VoiceXML code. 

Microsoft's Speech Server is 
based on a competing approach 
known as SALT, for Speech 
Application Language Tags. 
Both specifications let develop- 
ers without speech know-how 
add speech interfaces to applica- 



tions based on Web standards. 
And while VoiceXML is slightly 
older and appears to have more 
backers than SALT, both are in 



their infancy. Microsoft has said 
earlier that 90 percent of voice 
applications today are propri- 
etary IVR systems and are not 



based on either Web standard. 

Envox's current speech offer- 
ings are based on VoiceXML, 
but it plans also to support SALT 



developed SALT-based apps for 
Microsoft, which the company 
demonstrated at the VSLive con- 
ference last March. I 
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MKS Moving Beyond SCM 

'Real-world' requirements, dashboard new to Integrity Suite 



BY JENNIFER DEJONG 

MKS has moved well beyond its 
software configuration manage- 
ment roots, extending its key 
offering so that development 
team leaders can precisely pin- 
point where in the require- 
ments, coding and testing 
processes a project stands. 

MKS Integrity Suite 2005, 
released Jan. 24, combines into a 
single offering the company's 
existing SCM and workflow man- 
agement products with its new 
requirements tool announced in 
October but not previously 
offered. There also is a single 
user interface to the suite, which 
now includes a new dashboard 
for development managers, said 
Dave Martin, vice president of 
product management at the 
Waterloo, Ontario company. 

The dashboard, Martin 
explained, lets managers see, for 
example, how many require- 
ments have been approved for 
development, which features 
have been developed and 
turned over to QA, and which 



ones are still outstanding. 

Managers can drill down on 
each activity (such as a test plan 
or a requirement) to determine 
who is working on it and where 
in the process it stands, he said. 

The dashboard also provides 
graphical depictions of metrics 
such as the workload for each 
team member and how many 
activities are entering and leav- 
ing the queue. That lets the 
development manager reassign 
activities, if necessary, and set 
priorities for each team member, 
Martin said. The dashboard 
stores historical data, which can 
be used as a "predictive mea- 
sure" to determine, for example, 
how many lines of code a partic- 
ular requirement is likely to take, 
based on data pertaining to simi- 
lar requirements implemented 
in the past, Martin said. 

Also new to the 2005 offer- 
ing is support for electronic sig- 
natures, essential in highly reg- 
ulated sectors such as the 
pharmaceutical industry, and 
audit logging at the server level 



of all changes made to the sys- 
tem, useful in documenting 
compliance with initiatives such 
as the Sarbanes-Oxley act, Mar- 
tin said. In addition, a partition- 
ing feature lets separate devel- 
opment teams run separate 
systems on the same server, 
without having to install anoth- 
er instance of the application. 

Integrity Suite 2005, which 
costs about US$37,000 for 10 
users, replaces Integrity Suite 
4.6, released last March. The 
prior iteration included both 
Source Integrity (for SCM) and 
Integrity Manager (for process 
and workflow management). 
While the tools were integrated 
at the server level, they had sep- 
arate user interfaces. The ability 
to "integrate and manage just 
one product at both client and 
the server level" also distin- 
guishes Integrity Suite 2005 
from competitive offerings, such 
as those from IBM, Serena Soft- 
ware and Telelogic, Martin said. 

Like the prior version, 
Integrity Suite 2005 integrates 




MKS' new dashboard lets development team managers drill down to see 
where tasks stand in the requirements, coding and testing process. 



with Telelogic's requirements 
offering DOORS. "But most 
people don't need that big an 
RM tool," said Martin. While 
useful in industries such as auto- 
motive, heavyweight require- 
ments tools (such as DOORS) 
include too many features, often 
overlapping, for most real-world 
needs, he claimed. By contrast, 
MKS' approach is to provide 
"enough requirements capabili- 
ties for the majority of needs," 
Martin said. 

For instance, a heavyweight 
tool might track a set of require- 



ments against as many as 400 
baselines over time. "But most 
people just want to go back and 
see how they are doing today 
compared with six months ago," 
he said. More important is the 
ability to see how a change in 
coding, for example, impacts re- 
quirements and testing. When a 
developer adds a feature not 
specified in requirements, In- 
tegrity Suite alerts in real time, 
said Martin. "When I know what 
the developer is doing, that alerts 
me to a potential problem and 
gives me a negotiating point." I 
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Infravio Tosses Brokering for Monitoring, Registry 

Cisco's decision to include similar software in routers forces company to switch gears 



BY YVONNE L. LEE 

After seeing product plans 
from Cisco, Infravio decided it 
was best to get out of the Web 
services brokering business 
and into monitoring and reg- 
istries, according to Infravio 
president Jeff Tonkel. 

"There's not going to be 
room for a little company in 
Web services making money 
off a broker," Tonkel said, 
adding that his company had 
come to this conclusion after 
finding out that networking 
vendor Cisco was about to 
release routers with built-in 
brokering software. 

Infravio will place its biggest 
emphasis on management soft- 
ware that it will embed in 
NetlQ's AppManager suite, 
which will begin shipping this 
quarter. 

"Web services and SOA 
management will continue its 
evolution into three distinct 
niches: operations manage- 
ment, runtime management 
and asset management," said 



Tonkel, "but the only niche 
worth pursuing is WS/SOA 
asset management. It's the 
only niche with long-term via- 
bility and the only niche that 
represents a brand-new IT 
opportunity." 

Infravio's agent software, 
which costs US$3,500 per 
server and will be sold through 
NetlQ, monitors Web services 



and delivers performance and 
availability information, he 
said. 

Later this month, Infravio 
will release a new version of its 
X-registry with more UDDI 
support, more registry gover- 
nance processes, and service 
reuse features. It also will fea- 
ture improved access control 
and security, Tonkel said. 



"Administrators can exercise 
tight control over which ser- 
vices and which parts of ser- 
vices users can see," he said. 

The registry service will con- 
tinue to be priced according to 
the number of users, said 
Tonkel. "Let's say that I have a 
hundred users — the price would 
be about $25,000; a thousand 
users is $75,000." 



Because of the company's 
involvement with Web services 
registries, it is working to cre- 
ate a consortium of vendors 
and end users to define a spec- 
ification for taking policies 
from a registry and pushing 
them into a broker, he said. 

Infravio has approached 
Cisco, Oracle, Sabre Holdings 
and Seibel, Tonkel said. I 



Centercode Updates Hosted Beta-Test Service 



BY YVONNE L. LEE 

Beta-test-management compa- 
ny Centercode, which offers a 
hosted service called Connect, 
has announced a new version 
targeted to larger organizations, 
as well as an installable version 
that can be licensed by enter- 
prise customers. 

Connect 3.0 has been avail- 
able since September 2004 for 
customers who subscribe to the 
service, but it is only now being 
released to new subscribers, 



said chief technical officer 
Luke Freiler. 

"The people who had [Con- 
nect] 2.5 get this early," he said. 
"It's been out for about four 
months now, so they've been 
testing it for us for a long time." 

The hosted Connect prod- 
uct can handle larger tests with 
tens of thousands of testers, 
according to Freiler. 

The product features more 
customizable reports with 
styles, a redesigned filtering 



system and automated distribu- 
tion, as well as a form engine 
for project and community 
managers to build surveys, 
feedback forms and other data 
collection forms. 

The software is available on 
Windows servers using SQL 
Server, or on Solaris with Oracle. 

According to president 
Scott Bower, Centercode is 
offering the installable version 
at the request of organizations 
that want the security and con- 



trol of maintaining the service 
on their own site behind their 
firewall. However, he added 
that many organizations that 
tested the installable version 
later chose to return to the 
hosted service. 

"They enjoy the service and 
support they get from us," he 
said. "Their IT organization 
may not be ready for it. So they 
say, I'm happy with the hosted 
environment; maybe I'll stay 
there.' " I 
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< continued from page 10 

team members take different roles in different projects. It also offers 
new open-bug reports, a report of delayed tasks, and new installer and 
application support for SQL Server and Windows authentication. The 
software can be purchased starting at US$97 per seat, or licensed as 
a hosted service . . . Sun has released version 3.0 of Sun Ray Server, 
the application that drives the company's thin-client hardware. Sun 
Ray Server, which has always run on Solaris, now also is available for 
Linux, and supports Sun Java Desktop System, Novell's SUSE Linux 
and Red Hat Enterprise Linux. It also consumes less bandwidth so that 
thin clients may be connected via DSL or cable modem, and supports 
new peripherals, including multifactor authentication smart cards 
. . . Version 7.1 of Openlnsight, the database develop- 
ment application from Revelation Software, adds sup- 
port for the TCL language. It also offers wizards for , 
creating tables, pop-ups and reports, new tools for 
printing Avery labels, and new Linux print drivers. There are also 
enhancements to its table browser, documentation tools, client/server 
workspace, form designer and database presentation manager 
. . . EventHelix has updated its EventStudio architecture modeler, 
which uses sequence and collaboration diagrams. Version 2.5, which 
costs US$99, can export to Microsoft Word in EMF format, and lets 
developers customize the fonts and font sizes in the diagrams, assign 
sequence numbers to diagrams, and represent multicast and broad- 
cast messages. Case statements also now can define as many as 20 
legs . . . XLineSoft is offering ASPRunner Professional 3.1, the update 
of its software that creates Active Server Pages that can access and 
modify Oracle, SQL Server or other ODBC databases. This release 
adds separate pages for editing, adding and viewing data, new options 
for handling hyperlink fields, user group permissions, and improved 
layouts for data listing and printer-friendly pages . . . Sleepycat Soft- 
ware has updated its embedded XML database. Berkeley DB XML 2.0 
supports XQuery 1.0 and XPath 2.0, and adds a PHP API to support 
applications written in that language. Sleepycat says that perfor- 
mance is now 10 times faster for queries across multimegabyte XML 
documents . . . IBM's Rational division has updated its Ada tools. Apex 
4.4 supports PowerPC development on Linux, allows the use of 80-bit 
floating point data types, enhances code inlining, and has updates to 
the Ada editor to make it easier to visualize large complex units. Cur- 
rently, Apex 4.4 is available only for Linux and Solaris; other develop- 
ment platforms, including Windows, are still on the previous Apex 4.2 
. . . QSM has announced version 6.1 of SLIM Suite, its application life- 
cycle management suite. SLIM includes a cost estimating tool, a pro- 
ject manager and a metric analyzer. This version offers an improved 
I API that facilitates the importing of 
| statistics and other information from 
leading independent tool suites, such as those provided by IBM's 
Rational division and Telelogic. The cost estimator now offers more 
detailed work breakdown schedules, showing skill categories, task and 
resource breakdowns, and enhanced Gantt charts. The SLIM suite 
costs U$6,900 for a 10-seat license . . . Version 5.6 of Visual Build 
Professional, a Windows build management tool, supports Visual Studio 
2005 and Delphi 2005, and includes custom actions for the Subversion 
version control system, code signing and replace-in-file features. The 
software costs US$295 for a single-seat license. 



, PEOPLE , 



John Fanelli is the new VP of product planning and management at 
embedded software maker Wind River. Previously, he was senior direc- 
tor of marketing for Sun's Network Systems Group, where he worked 
on the company's Opteron server strategy. 



, STANDARDS , 



The W3C has published XML Inclusions (Xlnclude 1.0) as an official 
recommendation. The standard provides a method for merging multi- 
ple XML documents into a single composite document, with the goal of 
allowing more efficient content management at the enterprise level. I 



Taking the Extreme 
Out of XP Methods 



< continued from page 1 

One, in Atlanta, which sells soft- 
ware to help manage agile pro- 
gramming efforts, including XP. 
But he doesn't believe the new, 
less extreme XP is just a market- 
ing message. It is an accurate 
reflection of what happens to 
any methodology as its gains 
experience in the trenches. 
"Some followers believe [that] if 
you aren't doing this, you aren't 
doing XP. But in the real world, 
all processes become localized," 
he said. "Every team that 
applies XP does so differently," 
added Beck. "And I think that is 
a good thing." 

XP NOT THE ONLY AGILE 

XP gets all the attention, but it's 
just one of about half a dozen 
methodologies that fall under the 
agile umbrella (see box). Virtual- 
ly all of them originated in the 
early 1990s and predate XP, said 
Alistair Cockburn, originator of 
the Crystal method. 

"All are less explicit, less pre- 
scriptive than XP," Cockburn 
said. They focus heavily on pro- 
ject management and communi- 
cation practices (as does XP) but 
shy away from specifying actual 
engineering practices, such as 
testing code as it's written, a key 
practice in XP. Compared with 
XP, Crystal is "more malleable," 
he said. "There's lots of feedback 
and communication but as little 
bureaucracy as possible." It's 
about working in a way that's 
geared to the scope and criticali- 
ty of the project, he said. 

Producing software was easy 
when programs were small and 
"people sat in a cubicle and 
wrote code," said Jim High- 
smith, originator of the Adaptive 
method, and a senior consultant 
and director of the agile project 
management advisory service at 
Cutter Consortium, in Arling- 
ton, Mass. "But today we are 
writing much more complex 
programs, and no one person 
has the breadth of knowledge to 
do it themselves." The Adaptive 
method assigns a minimum of 
four people to a project. "You 
put people with different skills 
together and let them think 
through the issues, then one or 
two people code it," he said. 

There are more similarities 
than differences among the agile 
methodologies, including XP, 
said Per Kroll, manager of meth- 



ods for IBM Rational. "They all 
propose iterative development. 
They all focus on working soft- 
ware, rather than on planning, 
design and requirements." All 
are committed to a common set 
of values, expressed in the Man- 
ifesto for Agile Software Devel- 
opment (agilemanifesto.org), 
which says that "people and 
their interactions are the core of 
success, more than process and 
tools," and that "the true mea- 
sure of success is working soft- 



ware," said Highsmith. 

The manifesto resulted from a 
February 2001 meeting in Snow- 
bird, Utah, of 17 software pun- 
dits, including Beck, Cockburn, 
Highsmith and Martin Fowler, 
chief scientist at ThoughtWorks, 
a Chicago consulting company 
with expertise in agile methods. 

What we have in common, 
said Beck, referring to all play- 
ers in the agile camp, is that 
"we all want big changes for big 
gain." If programmers aren't 
held accountable, they will slip 
back to their old ways, he said. 
"You have to be able to say: 'My 
name is Kent, I am a program- 
mer who doesn't write tests. 
Yes, I slipped.' " I 



MORE THAN ONE WAY TO GAIN AGILITY 



All agile methodologies reject the traditional waterfall, or "code 
and fix," approach to writing software without an underlying plan. 
Each entails, to varying degrees, some combination of project 
management, collaboration and engineering practices, with test- 
ing tightly integrated into the coding process. The differences 
among agile methods are often guite subtle. 

ADAPTIVE: Developed by Jim Highsmith, author of "Agile 
Software Development Ecosystems," Adaptive Software Develop- 
ment is a framework that's less about telling people what to do 
and more about encouraging collaboration and fostering learning. 

CRYSTAL: Alistair Cockburn, author of "Crystal Clear: A Hu- 
man-Powered Methodology for Small Teams," devised this man- 
agement framework based on the belief that different projects 
demand different approaches. A project that develops software to 
run an atomic power plant has the hardness of a diamond and re- 
guires more people than a project that is about writing code for a 
simple Web site, which has the softness of guartz. 

DYNAMIC SYSTEMS DEVELOPMENT METHOD: DSDM 
originated in the U.K. among a consortium of companies using 
RAD methods. There is heavy emphasis on a business study, en- 
abling team members to understand the context in which the ap- 
plication will be used. Unlike most of the agile methods, it has for- 
mal manuals, training courses and accreditation programs. 

EXTREME PROGRAMMING: XP was developed by Kent 
Beck in 1996 in response to a troubled project at automaker 
Chrysler. The most famous agile methodology, it emphasizes pro- 
grammer accountability and provides concrete advice on which 
practices projects should follow. There is heavy emphasis on test- 
ing as the programmer works. Critics say it's too rigid, but in the 
second edition of "Extreme Programming Explained," published 
late last year, Beck presents a less prescriptive approach than 
proposed in his earlier 1999 book. 

FEATURE DRIVEN DEVELOPMENT: FDD was invented by 
Jeff De Luca, of Australian consulting firm Nebulon, and Peter 
Coad, former CEO of TogetherSoft (now a part of Borland). It sug- 
gests there are two kinds of developers: class owners, who do 
much of the coding, and chief programmers, who coordinate and 
lead coding efforts. 

RATIONAL UNIFIED PROCESS: Developed by Philippe 
Kruchten, Ivar Jacobson and others at Rational to complement 
the Unified Modeling Language, RUP is a customizable framework 
that supports iterative development. Today, it's closely tied to 
tools in the IBM Development Platform. Some guestion whether 
it's really an agile methodology. 

SCRUM: Originating in the object-oriented camp, Scrum bor- 
rows its name from the game of rugby. The management frame- 
work for iterative development divides a project into 30-day iter- 
ations called sprints and does not prescribe specific engineering 
practices. Source: www.martinfowler.com 
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Resolution Wraps Up Rules in Small Package 



BY JENNIFER DEJONG 

Zeroing in on the ISV market, 
Resolution EBS is readying a 
small, easy-to-embed version of 
its rules engine. 

The Austin, Texas-based 



company last month announced 
Interactive Rules Platform 3.0, 
which has a footprint of only 
150KB. Virtually all rules ven- 
dors play in the ISV market. 
"But typically they offer prod- 



ucts that were never designed 
to be embedded," Resolutions 
CEO, Peter Klante, said. That 
forces ISVs, such as those 
developing BPM or CRM tools, 
to write a lot of code to inte- 



grate the rules engine, and 
sometimes requires customers 
who buy the ISV offering to 
deploy additional servers and 
databases to support the prod- 
uct. "The level of integration 
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hasn't been easy," he said. 

Interactive Rules, which 
starts at US$100,000, has been 
restructured into J2EE compo- 
nents, enabling ISVs to embed it 
using Web services or Enterprise 
JavaBeans. Doing so requires as 
few as 10 lines of code, com- 
pared with thousands for tradi- 
tional rules tools, he said. 

Klante claimed Interactive 
Rules' 150KB footprint is the 
smallest in the industry. I 

Second Annual 
Eclipse Conference 
Later This Month 

BY JENNIFER DEJONG 

The nonprofit Eclipse Founda- 
tion is set to present its second 
annual EclipseCon conference 
Feb. 28- March 3, in Burlingame, 
Calif. The technical conference 
promises to include more than 
60 tutorials and technical ses- 
sions organized around three 
key themes: understanding 
Eclipse projects, using Eclipse 
tools and real-world experi- 
ences using Eclipse. 

Among the topics to be 
addressed are the Test & Per- 
formance Tools Platform, Rich 
Client Platform, Pollinate and 
Beehive, Aspect J Development 
Tools and Business Intelligence 
and Reporting Tools projects, 
as well as issues such as how to 
manage a large-scale adoption 
of Eclipse, developing plug-ins 
for Eclipse 3.0, and how to cre- 
ate products that coexist in 
Visual Studio and Eclipse. Also 
planned are sessions for busi- 
ness decision makers and ISVs 
considering Eclipse adoption. 

Featured speakers include 
Eclipse Foundation director 
Mike Milinkovich; Lee Nack- 
man, CTO of IBM's Rational 
division; Tim O'Reilly, founder 
and CEO of O'Reilly Media; and 
Google fellow Urs Hoelzle. I 



AlJpseCON 2005 



CONFERENCE: Feb. 28-March 3 
Hyatt Regency, Burlingame, Calif. 

KEYNOTES: 

Tuesday, 8:30 a.m.-9:30 a.m., 
"Business Model Design Patterns for 
the Open-Source Era," Tim O'Reilly, 
founder and CEO, O'Reilly Media 
Wednesday, 8:30 a.m.-9:30 a.m., Ji A 
Look Behind the Scenes at Google," 
Urs Hoelzle, Google fellow 
Thursday, 8:30 a.m.-9:30 a.m., "The 
Eclipse Phenomenon," Lee Nackman, 
CTO, IBM Rational 
www.eclipsecon.org 
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Empirix's e-Load Lets Groups Share 



BY YVONNE L. LEE 

A new face and the ability to 
share mark the new e-Load test 
in Empirix's e-Test 8.0 Web 
application test suite, which 
was introduced mid-January for 
a February release. 

The company focuses on a 
single product when it releases 
a new version of the suite, and 
this time, the honor went to the 
load-testing tool, according to 
Joe Fernandes, director of 
product marketing. e-Load 8.0 
now runs from within a browser 
instead of as a separate product 
that needs to be installed on 
each client machine. A single 
copy of the software is loaded 
on one computer and the tests 
can be administered and 
viewed anywhere. 

"The interface is completely 
redone," said Fernandes. "In the 
prior version, the interface was a 
full-blown Windows client." 

In addition, multiple users 
in various locations can collabo- 
rate to tune the application in 
real time as they see the results 
of the load test. 

COMPUTAS 
IS ACQUIRED 

< continued from page 1 

that, Lamis said. "People were 
paying millions to have quarter- 
ly current- state models done by 
consultants" or the services 
organizations of their database 
vendors, he added. 

Troux has raised $38 million 
in venture capital in its four-year 
history, including $16 million 
that closed in conjunction with 
the acquisition, Lamis said. 

David Chartier, the former 
CEO of Computas who was 
based in Norway, will stay on as 
vice president and general man- 
ager of Troux s European opera- 
tions. The team from Computas 
N.A. will be absorbed into 
Troux, which will remain head- 
quartered in Austin but will 
greatly expand its presence in 
the Washington, D.C., area, 
Lamis said. 

Michael Carter, the former 
director of consultants for com- 
mercial markets for Computas, 
hinted that an updated version 
of Metis, 3.6, will be released 
some time later this month. 
Metis includes a model designer 
and editor, a metamodel design- 
er and framework templates. I 



Fernandes claimed that 
being able to see and respond 
to the results simultaneously, 
rather than waiting for some- 
one else to run the tests and 
publish the results, will com- 



press the testing time. 

e-Load 8.0 does not offer 
security features, such as pass- 
word protection, admitted Fer- 
nandes, but it does require any- 
one attempting to view the test 



to know the name given to the 
specific test and its URL; they 
also must have an Empirix e-Test 
license. The next version will 
include authentication, workflow 
and permissions, he said. 



Other new features in the 
e-Load 8.0 suite include diag- 
nostics capabilities that enable 
users to create server profiles, 
enhancements to Empirix's col- 
laborative test process manage- 
ment solution, and improved 
scripting capabilities for testing 
.NET and J2EE applications and 
SOAP-based Web services. I 
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The only technical conference 
focused on security at the 
applications level 

■ Learn How to Build Secure Software 

■ Secure the Software on Your Network 

■ Test the Security of Your Software 

■ Understand Software Security Vulnerabilities 

■ Implement a Layered Approach to Application Security 

■ Architect Security Into the Development Life Cycle 



Visionary Keynotes 
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Understanding the Arts 
Of Your Adversary 

James A. Whittaker 

Director of Center for Information 
Assurance, Florida Institute of Technology 

Why do hackers target your company, your products or your 
Web site? This engaging keynote explains the motivations and techniques of your 
adversaries and, more important, sheds light on what you can do about it. Soft- 
ware security expert James A. Whittaker will show actual attacks and talk broad- 
ly about the techniques hackers use against Web sites, applications and net- 
works. He will address both basic and advanced hacker attacks from planning 
the hack, finding a vulnerability and finally executing the exploit. This fact-filled 
keynote address will set the stage for the technical classes to come, by providing 
a better understanding of your adversaries and how to defend against them. 



The Case for Secure Software 

Mary Ann Davidson 

Chief Security Officer, Oracle Corp. 

"IT" means more than information technology. It also means 
"infrastructure technology," as virtually all providers of critical 
infrastructure have an IT backbone. Your organization's IT 
must become as safe, secure and reliable as physical infrastructure — and that 
requires a cultural revolution within our profession, so that IT becomes a disci- 
pline, and a profession to the same degree as the engineering disciplines that 
create physical infrastructure. While the cultural revolution in security needs to 
be led by the IT industry's leading companies, all of us have a vital role to play in 
changing this important dynamic, so that security is a baseline requirement for IT 
products, instead of an afterthought. 
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Allen Holub, SD Times Java Watch colum- 
nist; Author of nine programming books 

David LeBlanc, Co-author of "Writing Se- 
cure Code" 

Hung Nguyen, CEO, LogiGear; Author of 
"Testing Computer Software" and "Testing 
Applications on the Web" 

Caleb Sima, CTO, SPI Dynamics 

Kenneth van Wyk, Co-author of "Secure 
Coding: Principles and Practices" 
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John Viega, CTO, Secure Software; 
Author of "Building Secure Software" 



Write More Secure Software 
Protect the Software You Have 
Test Your Software for Security 
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In the Realm of the Mobile 

New hardware framework runs apps, data anywhere, anytime 



BY EDWARD J. CORREIA 

Unless the subject is laptops, 
development for mobile com- 
puting generally involves deci- 
sions about which data to bring 
along and which to leave 
behind, to say nothing of appli- 
cations. Claiming to mobilize 
both is start-up Realm Systems, 
which on Jan. 10 unveiled a 
platform that it claims permits 
enterprise developers to deploy 
not just data, but applications 
and operating environment to 
any remote computer with a 
USB port, regardless of the host 
operating system. 

The solution is built around 
two main components: Mobile 
Personal Server (MPS), a cell- 
phone-sized embedded Linux 



server that carries a user's appli- 
cations and data, and displays 
them on a remote host via USB 
link; and SOBA Router, the lat- 
est version of the company's 
back-end middleware that 
establishes a connection to 
remote MPSes and can push 
content from application 
servers to individual pocket 
servers and perform backups. 

Realm CEO Rick White 
explained how the solution can 
be used by enterprise develop- 
ers to simplify development 
and deployment of mobile 
applications. "You can use open 
source to develop applications 
on environments you want to 
develop in, and access them on 
any computer you happen to 



have available." 

White described how a phar- 
maceutical laboratory, which is 
required to follow guidelines set 
forth by the Health Insurance 
Portability and Accountability 
Act (HIPAA) of 1996, is using a 
beta version of the system to 
reduce software maintenance 
costs for its 30,000 printers 
installed in the field. "They push 
lab results to these printers. To 
be HIPAA compliant requires 
that the company own [the print- 
ers] and that the computer have 
a single purpose of receiving 
only lab results. They tried run- 
ning programs with laptops and 
desktops, but the computers 
ended up being used to surf the 
Web and play games." 



With its own processors and 
memory, the US$200 MPS 
qualifies according to HIPAA as 
a computer. "When they plug it 
into a [host] computer, it estab- 
lishes a 2,048-bit encrypted 
tunnel to the [lab's] SOBA 
Router, which authenticates the 
user with a password and 
thumbprint. The lab then push- 
es results to doctors at any hos- 
pital, or to their office or home. 
The chain of custody has moved 
from the lab to the doctor, and 
as far as HIPAA compliance, 
the lab is no longer liable for 
that information." 

White said the lab had been 
paying about $300 per year to 
maintain the printers, including 
consumables and phone lines. 




Tira Ready to Jump 



* continued from page 1 

variety of mobile devices. 

"Some of our customers said 
they consider porting too impor- 
tant to their business," said 
Wayne Seifried, Tira's director of 
product marketing. "They want 
to have hands-on control to 
make changes at the last minute, 
and we weren't able to embrace 
that market," he said of the com- 
pany's previous service. 

The three-part solution con- 
sists of a Windows-hosted 
Eclipse plug-in, a workflow 
environment and a porting 
engine; the latter two are host- 
ed services. Seifried described 
the desktop tool as a means for 
developers to identify source 
code they've developed, attach 
its associated files such as 
graphics and sounds, and select 
targets and other options 
through a series of flags. 

The workflow manager uses 
a browser-based interface for 
assigning roles and tasks to 
development staff. "You may 
have a project manager, porting 
technician, QA and person who 
assembles the build and sends 
it to [users]. All of those 
processes and associated work- 
flow can be defined and priori- 
tized, and individuals can see 
only their own tasks." 

The transformation engine, 
Tira's core IP, is a rules-based 
engine that takes inbound jar 
and jad files, along with rules 
from the desktop and associated 



files and other instructions, and 
compiles based on rules in its 
device and mobile operator data- 
base. The entire process takes 
about a minute or two, he said. 
Suite pricing starts at US$30,000 
per year for up to 25 develop- 
ment/testing/QA seats, plus 
another $7,500 for six months of 
premium support mandatory 
during the first year, plus $350 
per application per target. 
Developers can recompile as 
many times as necessary until 
they're satisfied with the applica- 
tion without affecting the price. 
Seifried said the software cur- 
rently targets about 200 devices, 
including those from Motorola, 
Nokia and Sony Ericsson, on var- 
ious carrier networks. 

Seifried said the solution, 
which is designed specifically for 
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Tira's Eclipse plug-in lets developers pick devices and carriers to target. 



enterprise developers and ISVs, 
is intended to keep the upfront 
development costs low and take 
advantage of Tira's device knowl- 
edge. "They can make an appli- 
cation available on, say, a dozen 
new devices across several carri- 
ers. This is a way for a developer 
to do that without having to learn 



the inner workings of why an app 
might work on device A and not 
on device B." The company pub- 
lishes recommendations on how 
to build portable code, which he 
said includes avoiding hard-cod- 
ing to hardware and obscure 
APIs that don't have counter- 
parts in other devices. I 



Realm's Mobile Personal Server 
carries applications and data 
everywhere. 

Pricing for the SOBA Router 
ranges between $10,000 and 
$40,000, depending on the 
number of users, he said. 

Among the included GNU- 
centric development tools is an 
emulation environment for a 
PowerPC-based Linux devel- 
opment host, as well as one for 
Linux running on an x86 devel- 
opment box, which Realm 
chief scientist David Flynn 
said is compatible in almost 
every way except for resource- 
constriction and PowerPC 
emulation. 

A benefit of the security pro- 
vided by MPS' encrypted tunnel, 
Flynn said, is that developers can 
stick with traditional RPC mech- 
anisms, such as CORBA, that 
aren't easily poked through a 
firewall. "You don't have to wor- 
ry about firewall filtering and 
using filterable remote proce- 
dure call mechanisms, and you 
don't have to go to XML/SOAP 
just so you can filter at the fire- 
wall." Once removed from the 
host machine, the MPS leaves no 
trace, added White. I 



Oracle Puts Mobile Devices on the Grid 



BY EDWARD J. CORREIA 

It's doubtful that devices running 
Palm OS or Pocket PC would 
contribute much to a distributed 
computing grid. But Oracle has 
applied some of its grid tech- 
nologies to Oracle Database Lite 
lOg, released in January, and 
claims to improve reliability of 
mobile applications. The envi- 
ronment for Java and C/C + + also 
supports database access via 
ADO.NET 

According to Jacob Christ- 
fort, Oracle's vice president of 



voice and wireless products, ver- 
sion lOg reverses the conven- 
tional approach to building 
mobile applications. "In the old 
paradigm, you build a separate 
application on the device and 
connect and synchronize it with 
a server." The new approach, he 
said, extends server-side applica- 
tions by "out-placing parts of the 
application and data as needed." 
The technique is analogous to 
Oracle's server-side grid comput- 
ing, he continued, which distrib- 
utes applications and data across 



several machines and when com- 
bined with recovery capabilities, 
increases application reliability, 
he claimed. "Once you are repli- 
cating and synchronizing with 
the server, a recovery feature 
allows applications to pick up 
where they left off during inter- 
ruptions in network coverage. 
This allows you to get your work 
done even if you have a network 
that drifts in and out." 

The solution targets devices 
running Linux, Palm OS, Sym- 
bian OS and all versions of Win- 



dows, including CE and Pocket 
PC. The runtime adds a footprint 
of about 1MB for Windows 
devices, and about 70KB for 
Palm OS, according to Oracle. 

Available now at otn.oracle 
.com, Oracle Database Lite lOg 
works with 9i or lOg servers, 
Christfort said, costs $100 per 
named database user and 
includes Mobile Manager, a 
suite for Linux, Unix and Win- 
dows that handles application 
deployment, maintenance and 
monitoring plus device configu- 
ration, diagnostics and security, 
and user provisioning and iden- 
tity management. I 



Components by Syncf usion 

For use where failure is not an option 



Syncf usion Component libraries for 

Windows Forms and ASP.NET - crafted with pride by people you know and trust. 

Grid, Docking, Grouping, Editors, Diagramming, 
Charting, Excel reporting, PDF, HTML Display ft more. 
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Why Aren't Developers 
Buying Into Third-Party 

Components? 



BY SUSAN MESSENHEIMER 



The arguments in favor of using 
third-party components — rather 
than building them from 
scratch — appear to be compelling. 
So why has the uptake among 
developers been slower than projected? 

THE PROS 

Vendors and happy developers alike 
point to several advantages of using 
third-party components. 

The costs of third-party components 
themselves are small, and the expense 
of evaluating a third-party component 
and integrating it into your application 
is typically much less than the cost of 
building the same functionality your- 
self. Indeed, build-it-yourself costs can 
run high enough to doom a project. 
According to Mike Sax, president and 
founder of component provider 
Sax.net, "Any project with a limited 
budget and short time frame is a no- 
brainer for component use." 

"All the logic says that components 
should be used more frequently. But 
we're not dealing with logic here; we're 
dealing with psychology," said Dan 
Appleman, CEO of component vendor 
Desaware. "Many developers just want 
to build it themselves, regardless of the 
economies of scale." 

This attitude gets support from what 
amounts to a fallacy: that software devel- 
opment doesn't cost much. "Software is 
seen as being cheap to develop, espe- 
cially compared to the cost of hardware 
development," Appleman noted. "Of 
course, the true cost of software devel- 
opment is hidden." And often a lot high- 
er than it first appears. 

Clearly, it's almost always quicker to 
deploy a third-party component than to 
build the same capability from scratch. 
"We find that people are less likely to 
use components when there's no real 
time pressure to complete a project," 




said Sax. "Sometimes it just seems more 
attractive to create your own thing 
because it will do exactly what you 
need — and for the developer, it's often 
more satisfying to have built it. Of 
course, from a business perspective, 
there are few advantages to taking the 
time and resources to build in-house." 

Chris Tryon, manager of program- 
ming at New Jersey-based engineering 
firm Hatch Mott MacDonald, asked, 
"Why build a fancy grid, which may take 
weeks, when I can buy one in an hour, 
plug it in and use it in two? My time is 
the most important factor." 

Doing testing and quality assurance 
on new code can be expensive. Often 
you can try one or even a couple of 
third-party components — which have 
already been tested if they're from a rep- 



utable vendor — for less than it would 
cost to build and test your own. 

After all, out-of-the-box components 
are typically more mature than those 
developed in-house — component mak- 
ers are always upgrading their product, 
which is difficult to do internally. So the 
technology you're using on your project 
is generally more mature, too. What's 
more, third-party commercial compo- 
nent vendors document their products, 
which tends not to happen as often with 
internally developed code. 

"There are virtually no real-world sit- 
uations within a corporate environment 
where reusable components would not 
be appropriate," said James McGovern, 
enterprise architect at The Hartford 
Financial Services Group. "They make 
the most sense for major industry — ver- 



tical-specific applications such as claims, 
underwriting and policy administration." 

THE CONS 

But the arguments against using third- 
party components are compelling as well. 

For one, third-party components 
may not have the features you need, 
thereby restricting the functionality of 
your app, perhaps in critical ways. Or 
they may include features you don't 
need, adding complexity (for example, 
greater support requirements) and an 
unnecessary learning curve — and 
therefore cost — to your deployment 
even if you don't use them. 

"It's true that a third-party compo- 
nent — or any external code — will not 
always have the exact same programming 
► continued on page 24 
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< continued from page 23 

style as internally developed soft- 
ware," said Sax. "That's a small 
trade-off for the huge amounts 
of time that are saved and the 
fact that you get a head start with 
functional, well-tested code." 



According to Appleman, 
the question to ask is, "Can the 
additional complexity and con- 
figuration be worth the signifi- 
cantly added cost of develop- 
ing your own code from 
scratch? This has to be evalu- 



ated for each case." 

Another problem is that 
developers lose flexibility when 
they take an off-the-shelf com- 
ponent. "Many components 
assume that you program one 
way and one way only and 



expect you to use the compo- 
nent their way and not the way 
you've developed your prod- 
uct," said Leo Mrozek, presi- 
dent of Illinois-based Mrozek & 
Associates, which designs and 
hosts Web sites. According to 
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A project fcsnt quite right when you 

don't use the appropriate tool The same Is tme 

for application development without the appropriate 
tool your application isnl quite right Why waste the 
time with components thai haw less functionality? 
Spread is all you'll need to get the Job done right the 
first time. Spread Is the £onttNnmat*sprMd/gri4 
development component Logon to www.f point joofii 
to download a 30-day free trial and check out our 
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Providing flexible, powerful and 
reliable solutions for your 
development needs* 



Mrozek, most components are 
aimed at junior developers 
rather than at serious corporate 
programmers. 

"Vendors often sell compo- 
nents to managers under the 
banner of increasing developer 
productivity — which can be 
especially useful in shops that 
employ primarily entry-level 
talent or are very lean," said 
Hartford's McGovern. "The 
value proposition changes 
accordingly for those shops 
that hire and retain top-notch 
IT talent." 

David Yack, president of 
Colorado Technology Consul- 
tants, agreed. "A lack of exten- 
sions, which users need so they 
can configure or customize 
components' capabilities, keeps 
people from leveraging compo- 
nents more. Ironically, this flex- 
ibility is what would provide 
greater lock-in to a particular 
vendor." 

Yet not all developers feel 
thus constrained. "The con- 
trols I have used [LeadTools 
and Infragistics' UltraGrid] 
have more flexibility than I 
could ever hope to master or 
use," said Hatch Mott Mac- 
Donald's Tryon. "Even with all 
this flexibility, I have found 
them simple to use; I'm able to 
add functionality with a line or 
two of code." 

Then there are intellectual 
property liability issues. "Every 
piece of sample code on the 
Web that is in some way useful 
and is free has some kind of 
copyright or other message that 
must remain with the code," 
said Mrozek. "Many of my 
clients simply will not use this 
code, and many have coding 
standards against it. Compo- 
nents add another layer, as 
there could be copyright or 
patent info embedded in the 
component that the developer 
might be unaware of." 

And although using a third- 
party component doesn't grant 
the vendor a copyright over the 
work that uses it, Gary Cornell, 
publisher of Apress, which is 
focused on the needs of pro- 
gramming professionals, admit- 
ted, "One reason component 
use is not as strong as it might 
be is simply that developers 
have to get preapproval for a 
project that uses third-party 
components. No approval is 
needed if you stay in-house." 

Licensing issues also come 
into play with components. 
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Component Use? 



'Many of the negative attitudes 
about third-party component 
use can be traced to people 
confusing commercial compo- 
nents with freeware — and they 
are most definitely not the 
same thing," said Cornell. 

Most commercial compo- 
nent vendors, for instance, avoid 
using General Public License 
(GPL) or Lesser General Public 
License (LGPL) agreements, 
since the legally viral nature of 
GPLs and LGPLs obscures who 
owns what when components 
are tweaked or integrated with 
other code. 

Sax.net s Sax acknowledged 
developers' confusion in distin- 
guishing between commercial 
components from accountable 
vendors that come with a clear 
license agreement and (more or 
less) free code found on the 
Internet. "Professional, com- 
mercial component vendors 
have to evangelize their com- 
mitment to quality and legal 
transparency," he said. 

Colorado Technology's Yack 
would like to see some evolu- 
tion in licensing models. "Prod- 
uct licenses that require one 
license for each developer are 
not always practical for projects 
that involve a large number of 
developers," he said. 

One of the biggest draw- 
backs to the use of components 
for developers is that there usu- 
ally is no access to the source 
code. What if your component 
vendor no longer supports the 
component(s) you use, or has 
gone out of business? This 
makes upgrading or rebuilding 
your component-dependent 
app difficult — though these 
risks can be ameliorated by get- 
ting the component vendor's 
source code. If you can get the 
source code. 

Mrozek said he won't use 
components from vendors 
unwilling to make their source 
code available to their cus- 
tomers. Happily, as Sax and 
Desaware's Appleman pointed 
out, many component vendors 
make their source code avail- 
able to developers. 

Yack has found ways to insu- 
late his apps from vendor melt- 
down: "There are different tech- 
niques for using components to 
ensure you have built a wrapper 
to allow easy replacement by 
another provider," he noted. 
"For example, if you are using a 
component where there are 
multiple providers, and licens- 



ing can vary among them from 
time to time, wrapping a layer of 
abstraction around them could 
benefit the business later." 

Compliance and security 
also create challenges for 
development teams looking to 



use third-party components. 
The Sarbanes-Oxley Act re- 
quires all companies to have 
documented proof of the soft- 
ware, hardware and platforms 
upon which their systems run. 
"Compliance and documenta- 
tion might be an issue for 
components from smaller or 
independent component devel- 



opers," Mrozek said. 

Often highly secure systems 
and applications — including all 
of their parts and compo- 
nents — must be audited, which 
may not be possible if third- 
party components are present. 
"Will this component play well 
on the corporate desktop?" 
asked Mrozek. "Is there some- 



thing embedded in there we 
don't know about that will 
bring up security concerns?" 

THE UPSHOT 

Despite performance trade- 
offs, licensing and intellectual 
property liability hassles, and 
compliance and security chal- 
► continued on page 26 
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Why Aren't More Developers Buying In? 



< continued from page 25 

lenges, it looks like third-party 
components are becoming 
increasingly important. 

Sax thinks todays users of 
third-party components "can be 
viewed as early adopters who are 



interested in increasing efficien- 
cy saving time, and gaining an 
advantage that their peers may 
not be aware of. Although com- 
ponents have been around for a 
while, it's quite possible that 
we're in the early part of a clas- 



sic adoption bell curve." 

Even Mrozek, who claims to 
be "in the camp of developers 
that tries to stay away from 
components at all costs," sees a 
solid future for them. "It will 
probably be another two to 



three years before really pro- 
ductive and useful components 
are on the market that develop- 
ers will want to use," he said. 

He's not alone in that assess- 
ment. "I believe the reuse or 
leveraging of components 
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regardless of internal or third- 
party vendor is critical to effi- 
cient development of software," 
said Yack. 

Components are especially 
helpful to developers who 
might not have a high degree 
of knowledge of a particular 
system or functionality. "The 
most efficient way for me to 
program is to reuse what I 
already know," said Tryon. "As 
a programmer, I need to know 
many different systems. It's 
hard to be an expert in 
each one. I use components 
because I'm not an expert in 
imaging software, but my 
clients demand that I be. The 
component developers have 
the ability to be experts in a 
specific field, thus increasing 
the productivity of everyone 
who uses their software, and I 
look like an imaging expert." 

Aaron Marcus, president and 
principal designer/analyst at 
California-based Aaron Marcus 
and Associates, a user-interface 
and information visualization 
design consulting firm, offers an 
anecdote to explain the savings 
associated with reuse: "In the 
late 1980s, we worked with 
Kodak to study the value of 
reusing code in increasingly 
complex user interfaces. In the 
more complex UIs, if 20 percent 
of the code could be reused, 
then the company could recover 
development costs in four to 
five products." 

Tryon agreed that third-par- 
ty components are very cost- 
effective. "A programmer in my 
area billing $120 an hour will 
never be able to create all the 
functionality of a component," 
he said. "Since components are 
continuously improved, I can 
add functionality without any 
coding. What could be better?" 

THE RIGHT FIT 

The trick is to pick the right 
component product, since qual- 
ity can vary. 

"An enterprise needs to 
determine whether the compo- 
nent's design integrates with 
existing systems," said McGov- 
ern. "Components should be 
selected from vendors based on 
terms such as quality, applica- 
bility for a particular purpose, 
access to source code, licensing 
restrictions (or lack of them), 
features and performance. 
These are things that ultimately 
help deliver valuable working 
software to your business." I 



www.sdtimes.com 



. Software Development Times . February 1 r 2005 



SPECIAL REPORT 



27 



•NET Tilts the Build-Vs.-Buy Balance 

Microsoft's framework provides platform for new generation of business components 



BY CAROL WEISZMANN 

Microsoft's .NET Framework is changing 
how developers view third-party compo- 
nents. COM, .NET's predecessor, 
spawned a market for third-party compo- 
nents used in Visual Basic applications 
(usually written in C+ + , since VB is 
unsuitable for creating many kinds of 
components). A similarly successful third- 
party component market didn't emerge in 
the C++ world, largely because develop- 
ers prefer writing code themselves. 

But .NET is different for a couple of 
reasons. First, unlike Visual Basic 6 
developers, those using VB.NET and C# 
can more easily develop their own com- 
ponents, which many prefer to do 
because it's so satisfying, even if it costs 
more. Second, the .NET Framework is 
so much richer in functionality than 
COM that, although it takes a while to 
learn, it already includes solutions that 
can obviate the need for either self- 
developed or third-party components. 

Thus the choices with .NET expand 
beyond the build-your-own-versus-buy 
argument to include using .NET's 
existing capabilities. "The .NET 
Framework has really enabled compo- 
nent vendors to build a new generation 



of business components that are used 
in mission-critical applications," said 
Mike Sax, president and founder of 
component builder Sax.net. ".NET 
components are much easier to cus- 



tomize than the previous generation of 
COM/ActiveX components." 

But beware: .NET is more complex 
than COM, and the newest version of a 
.NET component replaces its forebears 



WHEN DEVELOPERS HESITATE 



When an app is mission- or 
life-critical. "Components used in 
mission-critical or life-sustaining sys- 
tems must be thoroughly vetted to a 
higher-guality standard than [is] typi- 
cal of most component vendors," said 
David Yack, president of Colorado Tech- 
nology Consultants. "Since you don't 
have access to source in all cases, it is 
not possible to perform independent 
verification." 

When security really, really 
matters. "Use of components in secu- 
rity-sensitive systems can cause prob- 
lems due to lack of ability to audit the 
implementation of the component," Yack 
observed. 

When innovation is key. "Some of 
the components I use provide the 



source code, but the vendor legally 
owns the rights to any modifications," 
said Chris Tryon, manager of program- 
ming at Hatch Mott MacDonald. So if 
you're building an innovative applica- 
tion aimed at providing a competitive 
edge, you might reject use of third-par- 
ty components. 

When your goal is perfor- 
mance and you're using a pro- 
cedural language. "If one is writ- 
ing infrastructure-related code using 
procedural languages to create device 
drivers, system utilities, etc. — and 
the goal is performance— it may be OK 
to simply meet the goals but be less 
rigorous in adhering to standards," 
said James McGovern, enterprise ar- 
chitect at The Hartford Financial Ser- 
vices Group. 



without any guarantee of the backward 
compatibility of newer runtime versions. 
So migrating your apps to a newer run- 
time version can mean upgrading all 
your components. I 



When an application is very 
function-specific, not GUI- 
based, and small-such as software 
that takes only a few hours to write, ac- 
cording to Tryon. 

When using components violates 
a contract. "Some contracts specifi- 
cally don't allow use of third-party com- 
ponents or of code that is not part of the 
work product produced," said Yack. 

When your organization isn't 
committed to them. "Component- 
based architectures shouldn't be 
thought of as a gradual thing," said Mc- 
Govern. "You either embrace and prac- 
tice it, or you don't. Components should 
reflect the spirit of an enterprise's busi- 
ness architecture." 

—Susan Messenheimer 
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Evaluating Agility 

Agile methodologies burst into many developers' con- 
sciousness after the publication of Kent Beck's 
groundbreaking "Extreme Programming" about six years 
ago. While many of the principles that constitute agile 
processes in general, and XP specifically, had been prac- 
ticed and preached for many years, Beck was the first to 
draw them together into a specific methodology 

Work on XP and other agile processes inspired a gen- 
eration of developers. By contrast, heavyweight method- 
ologies, like the Rational Unified Process, seemed quaint 
and overbearing, appropriate for big projects like design- 
ing aircraft and weapons systems. Meanwhile, the soft- 
ware development literature and technical conferences 
jumped onto the XP bandwagon with both feet. Pundits 
everywhere extolled agile processes as the best tool for 
the dot-com era's fast-moving projects with small devel- 
opment teams, small budgets, flexible deadlines and mov- 
ing-target requirements. 

There's much to admire about XP, if for no other reason 
than it convinced many development managers to think 
about their methodologies. For many groups at smaller and 
midsized companies, XP was their first attempt to bring 
any sort of formal methods into the development process. 
Maybe XP wasn't perfect, but at least it was complete and 
well documented, through numerous books and articles 
written by Beck, Martin Fowler and others. It would well 
serve as a starting point for those organizations that didn't 
know where else to begin. 

Of course, XP isn't the be-all and end-all. It's not the 
only agile methodology available, though admittedly it's 
the best-known one, and is arguably also the best-docu- 
mented and most-complete approach toward lightweight 
development. Still, there has been a fair amount of criti- 
cism of Extreme Programming methods, such as the way 
that test scripts must be written in parallel with the code 
that it must test; this can result in writing code that's 
designed specifically to pass test suites, rather than to 
exist as part of a broader production system. 

There also have been justified criticisms about the effi- 
cacy of Beck's original XP work. Everyone adherent to the 
Extreme Programming creed knows how XP was created 
as a way of salvaging the Chrysler Comprehensive Com- 
pensation Project, which had been written off as a failure 
by its original development team. . .it's less often discussed 
that despite Extreme Programming's initial successes, 
Chrysler killed the C3 project in 2000 because it never 
actually met its business requirements. 

Does that mean that XP and other agile processes are 
bad? Not at all. Agile processes and XP today have noth- 
ing to do with C3. The lightweight methodologies are 
increasingly popular and are applicable to a wide range of 
development teams and project types. The discipline they 
recommend is a tremendous improvement over casual ad 
hoc methodologies, and are light years better than adher- 
ence to outdated techniques such as the waterfall model. 

The lesson, however, is that agile processes are just 
methodologies. They're not silver bullets. No single 
methodology is applicable to every situation. Read the lit- 
erature, take the classes, talk to the gurus — and as always, 
choose your tools and methods carefully. We'd like to hear 
your own experiences with agile processes; write us at 
letters@bzmedia.com. I 



Getting Specific About Generics 



Microsoft has bitten the 
bullet and made generics 
part of the CLS as of the 
Whidbey 2.0 release of .NET. 
Or rather, Microsoft has 
demanded that everyone else 
bite the bullet. 

The Common Language 
Specification is the innermost 
ring of .NET compatibility, a 
subset of the Common Type 
System (CTS) defining types 
that may be used in external 
calls in code that is intended to 
be portable. In other words, 
every .NET language that's in 
any way compatible must be 
able to, at the very least, con- 
sume generic classes. This is a 
considerable acceleration over 
the previous plan to provide 
generics in the Big 3 Whidbey 
languages (C#, Visual Basic and 
C + +/CLI) and the Virtual Exe- 
cution System, but only move 
them into the CTS in the 
Orcas-Longhorn time frame. 

Although I am more of 
a fan of generics than my col- 
league Allen Holub is (see www 
.sdtimes.com/cols/javawatch 
_105.htm), I am worried that 
this move is one of those well- 
intentioned specifications that 
introduces a long-term com- 
patibility requirement but 
incorrectly predicts technical 
innovation. 

While the .NET generics 
implementation is sufficient — 
indeed, deucedly clever — as a 
technique for writing contain- 
er classes, one need only look 
to C ++'s templates for an 
example of how creativity can 
take a language feature far 
beyond its original justifica- 
tion and introduce a wealth of 
new idioms. It's true that this 
is a double-edged sword: 
Looking at the Boost libraries, 
I often want to scream, "For 
heaven's sake, just embed 
LISP!" 

Nonetheless, there's no 
question that generic- and 
meta-template programming 
idioms are embraced by many 
of the very best C + + program- 
mers. Container classes are 
the obvious use of generics, 
but for many the least in- 
teresting. The market should 
have been given a chance 
to exercise .NET's generics 
implementation for years 
before such a complex and 
important part of the type sys- 
tem was formalized. 

The most common com- 



plaint about .NET's generics (a 
criticism that applies equally to 
Java's generics) is that they 
require explicit type-parameter 
constraints when fields not 
present in the object type 
are invoked. This would typi- 
cally involve declaring and 
specifying an inter- 
face (using the key- 
word where in C#, 
and of in VB) in the 
generic method. 

"But, in that case, 
you don't need 
generics at all," say 
the critics. "You can 
just use an interface 
directly." 

C + + templates 
do not require such explicit 
constraints but can get away 
with that because C++ has the 
critical difference of being 
linked at compile time; the 
C + + compiler can determine 
exactly which types the tem- 
plates will be instantiated for 
and generate and bind the 
methods. In managed environ- 
ments such as .NET and 
Java, types are bound only at 
load time, with the implication 
that the fields expected in 
the generic code can't be 
relied on. Explicit type para- 
meters eliminate that error, 
but at the expense of some 
flexibility. 

'ANTI-CONSTRAINT SYNTAX' 

I like the solution to the prob- 
lem suggested by Ian Griffith 
of Interact Software. He calls 
for "anti-constraint syntax" — 
the ability to extend the 
where clause to where X 
couldbeanything. This reminds 
me of a similar proposal regard- 
ing exceptions, which argued 
that throws nothing would be a 
valuable annotation superior to 
Java's too-explicit approach and 
C#'s implicit one. 

On the other hand, if one 
wants the flexibility and com- 
plexity of C++ templates in the 
managed word, one can use 
C + +/CLI. The forthcoming 
language supports both C+ + 
templates and .NET generics. 
If that sounds like a nightmare 
in terms of comprehension, 
well, it is C++ after all. 

I was impressed to learn that 
Dinkumware has ported the 
entire Standard Template 
Library (STL) to C++/CLI, and 
further, that this version of STL 
has the same Big O perfor- 
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mance as the original. This is 
just another piece of evidence 
that C + +/CLI is the most 
intriguing of the Big 3 Whidbey 
languages (others being the 
deterministic finalization, the 
managed-unmanaged interop- 
erability, and the reasonable 
syntax of tracking 
references). 

No discussion 
of .NET generics 
would be complete 
without giving cred- 
it to the way it deals 
with value types. 
Unlike in Java, 
which uses generic 
code as syntactical 
sugar over object- 
based bytecodes, .NET gener- 
ics preserve the exact runtime 
type and actually instantiate 
concrete classes at load time. 
This means that generics can 
be high performers with val- 
ue types, especially in situa- 
tions that otherwise would 
involve significant boxing and 
unboxing. 

I wrote a test program com- 
paring Java 1.5 with C# 2.0, 
and although it's not fair to 
print benchmark numbers on 
unreleased code, the code 
showed what I would conserv- 
atively call a very significant 
performance difference. You 
can see the code at www 
.knowing.net/PermaLink.aspx 
?guid=c535278f-fb8c4blf-87c 
4-ffb2828ca01b and try it out 
yourself with the latest Com- 
munity Technology Previews 
and the shipping Java 1.5 
implementation. 

Despite my reservations on 
the elevation of the current 
generics into the CTS, it must 
also be acknowledged that 
library vendors have been 
vocal about being pleased 
with the decision, as it allows 
them to avoid choosing 
between generics and reach- 
ing the broadest possible 
number of customers. 

I agree that making life 
easier for the component ven- 
dors is more important than 
making life easier for language 
vendors, but I have to wonder 
whether in 10 years we won't 
be cursing this decision as 
premature. I 

Larry O'Brien is a technology 
consultant, analyst and writer 
Read his hlog at www 
.knowing.net. 
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Letters to the Editor 



MISSING THE TARGET 

I like to read things, but Allen 
Holubs latest column "Open- 
Source Context" [Jan. 1, page 29, 
or at www.sdtimes.com/cols 
I] avawatch_117.htm] gave me 
pause to reconsider. To be fair, 
he was on target last December 
damning Sun's Enterprise Java- 
Beans as perhaps the technology 
most responsible for company 
failures. Last year, Mr. Holub 
called it like it was. 

However, Allen's New Year's 
resolution has apparently been 
to get up off his "recliner of 
rage" and crouch under the hot 
air emitting from the dishwash- 
ing machine where he has tak- 
en fancy to convoluted whining 
of complete inaccuracy. 

Allen, when you say that 
"the end of open source as we 
know it might not be such a bad 
thing," just because you ran 
into some minor (yes, minor) 
software installation difficulties, 
your December credibility was 
wholly nullified. Open-source 
software, even though it is 
already taking over the software 
landscape (in partnership with 
third-party niche products), is 
still truly in its infancy. It has 
limitless potential for improve- 
ment by people the world over, 
unlike its expensive excessively 
shrink-wrapped brethren. 

So you got frustrated using 
one of the most basic of the 
many Java servlet containers, 
Tomcat, and decided to kill 
trees venting your impatience 
exclaiming it "simply doesn't 
work." Well, nothing simply 



doesn't work. Debug it; the 



code is wide 



open 



Then, the Tomcat project 
maintainers' perceived indiffer- 
ence to your problems inspired 
you to criticize their coding and 
documentation ability, though it 
is you who are relying on their 
coding expertise. If the software 
doesn't meet your needs and you 
think it isn't well coded or docu- 
mented, submit a patch, fork the 
project, submit some documen- 
tation or all of the above. Then 
the next person who runs into 
the same difficulties you had will 
marvel at how well the software 
works. But if you do this, you're 
going to have to work on your 
patience, which is the real culprit 
here, not open-source software. 

You also couldn't resist accus- 
ing open-source software devel- 
opers of being people with "time 
on their hands." Actually, most 
open-source software is submit- 
ted by gainfully employed devel- 
opers who actually use the soft- 
ware they develop. Hackers with 
free time are so mid-90s! Where 
have you been? 

On the topic of anachronism, 
if your code doesn't work, 
maybe you're aligned with the 
wrong software stack. You're 
probably running your develop- 
ment server on an operating sys- 
tem distribution that doesn't 
track and ensure the stability of 
your code. Also, you may be 
using an unnecessarily compli- 
cated development environment 
and programming language for 
what you're trying to do. 
Remember your analysis of 



complicated EJBs and the sim- 
pler Hibernate? Well, simplify 
everything one step further: Use 
an operating system distribution 
that ensures the code's features 
work (like Linux's Debian sta- 
ble) and a simpler programming 
framework, like PHP, Perl or 
Python. Your headaches will 
decrease dramatically. 

C'mon, Allen: back to your 
former insightful ways. Whin- 
ing about free software that 
doesn't always work perfectly is 
so not interesting and quite 
counterproductive . 

Eric Jahn 

I think drawing any conclusion 
about a genre of software from 
a few samples of it is always a 
mistake. Allen Holub s criti- 
cisms about Tomcat ring true 
with me, as I find it a horrible 
mess, but he is mistaken if he 
thinks this applies to open source 
in general. I would say that the 
state of Tomcat software has 
more to do with Java than it does 
with open source. 

There are a great many 
excellent open-source projects. 
Take a look at PostgreSQL, a 
fine database, well written and 
easy to modify. Apache, yes, is 
sort of a mess, but it has been 
used and maintained for years 
and has held up very well. 

Every study conducted thus 
far indicates that open-source 
software has an order-of-magni- 
tude better bug per k-line of 
code ratio than closed source. 

As for his feeling that losing 
open source wouldn't be a bad 



When Do You Plan to Begin Building 
64-Bit Applications? 

If developers in your company have not yet start- 
ed building or porting applications to run on 64- 
bit systems, they have plenty of company. More 
than 45 percent of respondents to the North 
American Development Survey 2004, published 
last spring by Evans Data Corp., said they had no 45.5^ 

plans to develop such applications. 

The study, which polled 518 enterprise devel- 
opers, found that fewer than 1 in 6 is currently 
building such apps, an increase from a finding of 
10 percent six months ago. Nearly a guarter said 
they plan to begin porting or building new 64-bit 
apps no sooner than a year from now. 

One explanation for the lack of such develop- 
ment is a lack of a compelling business need; the 
complexity of development outweighs the value 
of migration. 



DATA WATCH 



14.6'^ 

TAihr b milm 




*:i- hen I veara lr:m in 



JI1IU : ■ . . 



thing, think very carefully about 
every single open Internet proto- 
col and TCP/IP sockets them- 
selves. These are open source. 
Mark L. Woodward 
Computer Consultant 
Mohawk Software 

VOICE OF THE LITTLE GUYS 

I recently looked at your site 
and found the editorial "Look- 
ing Forward" [Jan. 1, page 26, 
or at www.sdtimes.com/opinions 
/opinion. htm], which talks 
about development tools. I was 
disappointed to see the editors 
only mention the big players — 
some of which simply get men- 
tioned because of their size. 

For example, I've yet to run 
into an account that is using 
BE As Web Logic Workshop. 
Even IntelliJ (one of our com- 
petitors) wasn't mentioned, and I 
am quite sure they have more 
market share than Oracle JDe- 
veloper and Sun Java Studio 
combined. When we are able to 
get heads and demonstrate 
against any competitor, we do 
very well — but we're a smaller 
company with modest resources. 
We've briefed SD Times at least 
twice on NitroX. I know SD 
Times can't mention all small 
vendors, but it shouldn't ignore 
the smaller players altogether. 

Carlos Chang 

M7 

ACCURATE AND BALANCED 

I enjoyed your Special Report 
"Real-Time Classics Prove 
They're Timeless" [Dec. 15, 
2004, page 20, or at www 
.sdtimes.com/news/116/speciall 
.htm] on the history of real- 
time operating systems compa- 
nies and the opportunities and 
challenges ahead. 

Having been here at Wind for 
14 years, I would say that it's a 
very accurate and balanced 
depiction of what has happened 
and what we still face as an orga- 
nization. After all, I have lived 
most of it, so I should know. 

Keep up the good work. 

Steve Harris 

Regional Director 

Wind River Systems 

WHAT DO YOU THINK? 

SD Times welcomes feedback. Letters 
should include the writer's name, 
company affiliation and contact infor- 
mation. Letters become the property 
of BZ Media and may be edited for 
space and style. 

Send your thoughts to feedback 
@bzmedia.com r or fax to +1-631-421- 
4045. Please mark all correspondence 
as Letters to the Editor. 
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How Much Can You Know? 



Not so long ago, students earning 
degrees in computer science would 
spend much of their time thinking about 
how to solve problems elegantly and 
efficiently. Great emphasis was placed 
on the design and selection of algo- 
rithms and data structures. Logic was 
prized, and major development compo- 
nents were known and explained. Stu- 
dents understood compilers because 
they'd written a parser and a code gen- 
erator; they understood operating sys- 
tems because they'd been on projects 
that designed them... and so on. 

The one thing the curriculum did not 
focus on was writing production applica- 
tions. The assumption was that school 
taught you how to think; it inculcated the 
principles, wrapped them with interesting 
projects, and then sent paper tigers into 
the world to apply this knowledge. This 
model worked because it placed emphasis 
on the learning and deferred business- 
oriented practices to the marketplace. 

Today, however, this model is in jeop- 
ardy because the raw volume of knowl- 
edge a good programmer must have has 
grown to almost incredible proportions. 
Three heavy layers have been overlaid on 
the basic skill of programming: the 
graphical interface, object-oriented pro- 
gramming and distributed computing. 



The drag caused on programming by 
these layers is reflected in how our per- 
ceptions have shifted over the years. For 
example, C is now considered a low-level 
language, but in the 1980s it was consid- 
ered high-level. While not as high-level as 
COBOL, let's say, it certainly was not 
viewed as the portable assembly language 
it has become today. Part of this 
transformation is undoubtedly 
at the hands of C++, which has 
become a true high-level lan- 
guage with all the drawbacks of 
a low-level idiom. OOP has 
made programs a lot more com- 
plex and considerably more 
otiose. Programs are not always 
better expressed via objects — 
straight procedural program- 
ming works just fine, and in 
many cases it's far simpler to write. 

GUIs, however, added more com- 
plexity than OOP. Take any client-facing 
program and compare the proportion of 
GUI coding versus logic — interface cod- 
ing frequently predominates by a wide 
margin. Graduates today go to jobs and 
spend their incubation period debugging 
call-back functions and listeners and 
must wonder to themselves. 

Distributed computing has taken this 
complexity beyond the beyond. My fellow 



Integration Watch 




columnist, Allen Holub, is entirely right in 
his frequent contention that J2EE is so 
complex as to eviscerate production. J2EE 
is a self-defeating paradigm because its 
enormous complexity forces people into 
other solutions, which often work just fine. 
The endpoint of this complexity curve 
is hard to interpolate. There are some 
factors that mitigate the 
problem, such as better tools. 
At the language level, the 
now universal tendency to 
provide data structures as 
part of the language removes 
some tedious and unneces- 
sary coding. Also, program- 
ming environments have 
become better at building 
projects. The trend toward 
hiding low-level details 
behind higher-level interfaces is helpful as 
well. Hibernate is a conspicuous example 
of this, as is the Jakarta Commons Log- 
ging interface. Nonetheless, each of these 
tools requires its own, specific knowledge. 
For Java application programming, the 
following list of skills is essential: the Java 
language and the principal APIs (the sug- 
gested list of API sets continues to grow 
almost alarmingly), Ant, JUnit, Hibernate, 
some logging interface, HTML and JSPs, 
and XML. That's a lot, and it's just the 



foundation. To this, we would surely add 
Web services, threads and — as of late — 
UML and design patterns. 

This long list of requirements is wholly 
separate from the fundamental skill of 
solving problems via programming. 
Developers cannot master all or even 
most of these requirements. As a result, 
they use salient features, and rarely lever- 
age the secondary benefits or they 
become specialists, and thereby impose 
on subsequent developers a long learning 
curve to figure out what the code is doing. 

Solutions need to be found. Vendors 
are recognizing this. For example, Sun's 
plans for J3EE are, in theory, oriented 
toward reducing complexity. Tools must 
become better at automating routine tasks 
and require no non-core skills. Only spe- 
cialized tools should require specialized 
knowledge. LISP macros to extend your 
editor — a once-cool paradigm — must give 
way to the greater reality. 

The Unix ideal of dozens of little lan- 
guages doing discrete tasks is no longer 
applicable in today's complexity (which is 
why Perl and Python have replaced awk, 
sed and numerous similar utilities). But 
until developers and their employers 
become more vocal about the need for 
reduced complexity, the list of skills a 
developer needs will only get longer — 
with little discernible advantage. I 

Andrew Binstock is the principal analyst 
at Pacific Data Works LLC. 
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The Price of Purity 



I don't believe that it's reasonable to use 
Java as a procedural language solely to 
leverage its rich set of libraries. If you're 
going to use Java, embrace the object- 
oriented paradigm. Unfortunately, not 
everyone agrees with me. 

Most people who build "pure" OO 
systems notice an interesting paradox: 
Pure OO systems are simultaneously 
more complex to build and easier to 
maintain than hybrid procedural/OO sys- 
tems. The complexity is just inherent in 
the language and the mechanisms of 
object orientation (like inheritance). The 
"pure" system is better organized than 
the hybrid, however, and that is reflected 
in easier maintenance. Hybrids tend to 
have all the complexity inherent in OO 
without any of its maintainability. 

I guess my belief makes me a purist, 
but I think of it as pragmatism. I just got 
sick of rewriting hybrid systems once 
they hit maintenance (which happens 
five seconds after you write the first line 
of code). My experience notwithstand- 
ing, I often hear the word "pure" spoken 
with a sneer, as if it's a bad thing. I've 
been told that in the real world, nobody 
has the luxury of "academic purity," 
whatever that is. In reality, I don't have 
the luxury of wasting time building, 
debugging or maintaining procedural 



systems written in Java. The pure sys- 
tems go together faster, have fewer bugs, 
and are vastly easier to maintain. 

Nonetheless, most Java shops don't do 
anything like pure OO. In fact, many Java 
programmers don't understand even the 
basic principles of OO design and pro- 
gramming. Moreover, many off-the-shelf 
tools encourage a procedural 
approach (Apache's Struts 
open-source framework comes 
to mind). If you're working this 
way, you won't get most of the 
real benefits of OO, however. 

Managers — even those who 
understand the benefits of 
OO — circle around the meth- 
odology like sharks who are 
wary of their prey. They want 
the advantages of an OO sys- 
tem but don't know how to get them. For 
example, they pay for training but are 
unwilling to actually implement the things 
that their programmers learn. 

The problem is rooted in the develop- 
ment process. Moving to OO is not just a 
matter of using a new language; it's a fun- 
damental change in the way you write 
software. All software shops have a devel- 
opment process, even if it's an ad hoc one, 
and there are many support mechanisms 
for that process entrenched in the organi- 




zation. If you change the way you write 
software, you have to change the organi- 
zation to support the new way of doing 
things, and that level of change is scary. 

I just had that reality driven home. 
Here's what happened. 

A client of mine (Bill Hamilton, at 
MTS Technologies in San Diego) recent- 
ly wrote a letter of recommen- 
dation for a prospective client 
that I was courting. Bill's letter 
cited the OO design and train- 
ing work I had done for MTS; 
he wrote a thoughtful, six-page 
review of my work that I liked 
quite a bit (since it was pretty 
complimentary). The letter 
also described the pitfalls of 
moving from a seat-of-the- 
pants design environment to 
an OO one as well as my proclivities in the 
purist department, however. My immedi- 
ate response was: "I hope this doesn't 
scare my new customer away." Judging by 
the deafening silence that ensued, my 
fears seem justified. 

Bill's e-mail comments about this sit- 
uation were, I think, to the point: 

"My theory is this: you desperately 
want to drain the swamp, thinking it will 
solve all your problems, but you're afraid 
the alligators will still be there. What if I 



go through this training and my problems 
are still there or, worse yet, compounded? 
What if I go through this training and find 
out my staff isn't capable of operating 
under a new paradigm? What if I go 
through with this training and find they 
understand it, but I don't?! What if I go 
through this training and find out it will 
cost millions and take years to fully imple- 
ment into the staff, the company, the lega- 
cy systems, the infrastructure? These are 
all questions that [the managers] should 
have had answered ahead of time. I pro- 
pose this: until they've answered the 
above questions, they're not ready." 

He went on: "I can see them saying, 
'Well, we tried Allen's approach, but obvi- 
ously his style didn't work.' They couldn't 
distinguish between their follies and devi- 
ations from your training, so couldn't accu- 
rately assess the value and benefit of it." 

All of the fears that Bill mentions can 
be addressed in reasonable ways, but I 
endorse the notion of thinking out the 
ramifications of a change in process 
before you go ahead with it. I believe this 
sort of change is usually for the better, 
even if it is difficult. I've occasionally 
worked for companies where change was 
not possible, however, and it's better to 
identify potential difficulties at the outset 
of the process. I 

Allen Holub is an architect, consultant 
and instructor in C/C++, Java and OO 
Design. Reach him at www.holuh.com. 
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Moderator: David Rubinstein 
Editor, SD Times 

David Rubinstein brings more 
than 25 years of newspaper 
experience to his role as 
editor of SD Times. He has covered a 
wide range of software development 
issues, including collaboration, change 
and configuration management and software 
testing, in his five years at the helm, 
and writes a regular column that examines 
the development industry as a whole. 
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Your Testing Sucks." That was the 
sign above the iTKO booth at 
Decembers Software Test & Perfor- 
mance Conference, produced by this 
newspapers parent company, BZ Media 
LLC. This, of course, caught my eye, so 
I decided to follow up with them. 

The slogan, admitted iTKO's CEO 
John Michelsen, "is provocative. But 
we haven't encountered a 
company yet that disagrees 
with our statement." What he 
is referring to is that develop- 
ers do too much self-validat- 
ing of code, that scripting 
tests for Web applications is, 
in his view, becoming archa- 
ic, and that testing tools need 
to adapt to new architecture 
models. 

The impact is felt at the 
company's bottom line, as projects either 
come in late or on time with many prob- 
lems, Michelsen said. "If you pull the 
roof off any major company's develop- 
ment team, the process is something like 
this," he said. "Management communi- 
cates status to upper management based 
on a gut feeling of the development 
team, and developers are woefully poor 
at estimating. Since QA is not a part 
until development's done, programmers 
are not even at the point where they've 
validated their own metrics. Maybe 
there are 100 functional units that need 
to be built. When they feel like they're 
50 percent done, they aren't checking 
off a requirements list. When they're 
two weeks away, in two weeks, they real- 
ize they're still two weeks away, and in 
another two weeks, they find they're still 
two weeks away." 

Developers, he insisted, cannot say 
they are done with a project until they 
have passed automated tests for the 
work. The way to achieve this, he said, is 
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to do testing while development is going 
on, which is the direction development 
shops are moving. However, Michelsen 
cautioned about relying too heavily on 
developers to create and perform cer- 
tain tests. 

One concern Michelsen expressed is 
that organizations should not rely on 
developer-only testing. "The problem is, 
for as bright and skilled in 
engineering as developers 
may be, they are the least 
qualified to validate that 
they've met a business 
requirement. A developer 
can only validate that he built 
what he believes the require- 
ment called for." 

The responsibility for vali- 
dating code against business 
requirements falls to the 
author of the requirement and the 
developer together. A project manager, 
who often serves as the liaison between 
the business and technical sides, also 
likely is qualified to validate code. But 
developers doing self-validation, 
Michelsen said, "is pure nonsense. It 
causes enormous train wrecks in pro- 
jects on a regular basis." 

While a developer can find mistakes 
he has made during implementation, 
he will never find a misunderstanding 
of requirements with an automated 
testing tool, Michelsen said. "It's the 
difference between procedural versus 
process-level errors." 



READING THE SCRIPT 

Another challenge to testing is the use of 
scripts, Michelsen said. First, it takes 
programming talent to create and main- 
tain scripts. Second, if testers on a pro- 
ject see that 20 tests have failed, they say 
that the tests are broken, not that the 
system failed. "They're not finding prob- 



lems in the system; they're finding prob- 
lems in the tests." 

Any time a system or project changes, 
a lot of time is being spent — or, mis- 
spent, Michelsen believes — modifying 
the tests until they work. "There's not a 
lot of value in that," he said. Meanwhile, 
if continuous integration within an orga- 
nization is manual, you have hundreds of 
test cases that have to be manually iter- 
ated, which Michelsen said is just not 
feasible in terms of time and talent 
required to do this. 

Meanwhile, the move in several 
industries toward service-oriented 
architectures creates a new level of 
expectation for testing tools, he assert- 
ed. "Existing tools are Ul-based. You 
build an application, hand it to QA, and 
they dust off the automated tools and 
create test cases. But Ul-based tools 
won't work, and the UI is too subject to 
change, and scripts have too much 
fragility." 

Scripts break whenever the data or the 
interface of an application changes. In 
SOAs, this happens with great frequency, 
as the system is designed to be adaptive 
from the outset — plug in one service to 
perform one function, then sub it out 
with another as business rules demand. 

Current testing tools listen in on traf- 
fic between the user interface and the 
system, and then capture it for play- 
back. But what really needs to be done 
is to test the underlying Enterprise 
JavaBean, for example, and not how the 
UI calls it, Michelsen said. "That's a big 
blind spot," he said. "You're not testing 
the middle tier itself — just the UI. If 
you can't test the midtier, you can't test 
your system." 

So having the ability to automate the 
creation and staging of tests in a way that 
is not reliant on scripts and brings test 
professionals together with developers 
is, to Michelsen, the only way to handle 
testing that doesn't, in his word, suck. I 

David Rubinstein is editor of SD Times. 



Rally Software last month announced it has closed a US$4.5 million round of 
funding, bringing the amount the company has raised since October 2003 to 
$8 million. Mobius Venture Capital and Boulder Ventures led the funding, 
along with individual investors. Rally offers a hosted solution for managing 
software projects being done under the principles of agile development 
. . . Data management and integration solutions provider Software AG has 
announced it will acguire Sabratec, whose AppliX product is used to access 
the data from mainframes for reuse. Terms of the purchase were not dis- 
closed. "Our customers have clearly indicated that the long-term value of 
their legacy systems resides in the ability to guickly and easily integrate 
those systems with service-oriented architectures via Web services," said 
Joe Gentry, Software AG's vice president of enterprise transaction systems, 
in a statement . . . Mobile application platform developer Action Engine has 
completed a US$10 million round of funding, which the company will use to 
launch its platform and its Brand-n-Go applications pack for wireless devices. 
The platform, according to the company, takes a client/server approach to 
accessing transaction-oriented online services that it claims reguires 80 per- 
cent fewer keystrokes and has a response time that is 20 times faster than 
browser-based solutions. 



EARNINGS: Apple last month reported the highest guarterly revenue and 
net income in company history, posting a net profit of US$295 million, or 70 cents 
per share, on revenue of $3.49 billion for the fiscal 2005 first guarter ended Dec. 
25, 2004. The revenue represents a 74 percent increase from the same guarter 
a year ago, the company said, while profit for the year-ago guarter was $63 mil- 
lion, or 17 cents per share. The company said it shipped 1.046 million Macintosh 
units and 4.58 million iPod music players in the guarter; the iPod shipments rep- 
resent a 525 percent increase over the same guarter last year. "We've sold over 
10 million iPods to date and are kicking off the new year with a slate of innova- 
tive new products including iPod shuffle, Mac mini and iLife '05," said Steve Jobs, 
Apple's CEO, in a statement ... Sun last month reported fiscal 2005 second- 
guarter revenue of US$2,843 billion with a net profit of $19 million, or 1 cent per 
share, for the period ending Dec. 26, 2004. Revenue was down 1.6 percent from 
the year-ago total of $2,888 billion, while profit was up markedly from a net loss 
of $125 million for the same period in 2004. "It feels good to ring up a modest 
GAAP profit," said Sun CEO Scott McNealy in a statement. "Innovation is increas- 
ingly marked by business models as much as technology. Sun's $1 per CPU/hour 
and the Sun Java Enterprise System are emerging models for recurring revenue. 
We are clearly re-establishing relevance in key markets." I 



CALENDAR OF EVENT* 



VSLive 

San Francisco 

FAWCETTE TECHNICAL PUBLICATIONS 

www.vslive.com/sf 



Feb. 6-10 



LinuxWorld Conference 
SExpo 

Boston 

IDG WORLD EXPO 

www.linuxworldexpo.com 



Feb. 14-17 



RSA Conference 

San Francisco 
RSA SECURITY 

2005.rsaconference.com/us 



Feb. 14-18 



Web Services Edge 
2005 East 

Boston 
SYS-C0N MEDIA 

sys-con.com/edge2005east 



Feb. 15-17 



PartnerWorld 

Las Vegas 
IBM 

www-1.ibm.com/partnerworld 



Feb. 27-March 2 



SHARE 

Anaheim 
IBM 

www.share.org 



Feb. 27-March 4 



EclipseCon 

Burlingame, Calif. 
ECLIPSE.ORG 

www.eclipsecon.org 



Feb. 28-March 3 



J BOSS World March 1-2 

Atlanta 

JB0SS 

www.jboss.com/company/events/jbossworld2005 

Intel Developer Forum March 1-3 

San Francisco 
INTEL 

www.intel.com/idf/us/spring2005/systems 



TheServerSide Java 
Symposium 

Las Vegas 
THESERVERSIDE 

www.theserverside.com/symposium 



March 3-5 



Embedded Systems 
Conference 

San Francisco 
CMP MEDIA 

www.esconline.com/sf/index.htm 



March 6-10 



Developer Relations 
Conference 

San Jose 
EVANS DATA 

www.evansdata.com/drc 



March 7-8 



Software 
Security Summit 

San Diego 
BZ MEDIA 

www.S-3con.com 



April 12-14 



For a more complete calendar of U.S. software devel- 
opment events, see www.bzmedia.com/calendar. 
Information is subject to change. Send news about 
upcoming events to events@bzmedia.com. 



» TIMES WEB SEMINARS 



Successful Strategies Feb. 10 

To Develop More Secure Software 

Time: 11:00 a.m., Pacific (2:00 p.m. Eastern) 
KL0CW0RK AND SD TIMES 

www.sdtimes.com/seminar.htm 

For a more complete calendar of SD Times Web 
Seminars, see www.sdtimes.com/seminar.htm. 
Registration is free. 
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Improve Your Process, Start Testing Now 

Once you start using our tools, you are well on your way to building 
rock solid applications, in the shortest possible time, guaranteed! 

Get your free trial at www,automatedqa.com\d own loads 



Award Winning Testing Solutions 



TestComplete 

"AutomatedQA's TeslCompiete is a great orodud and j jst as capable as the martet 
leade r at less thar are-tenth "he p-ice. Wiy w&jld anyacdy pay S60OD per aea: Tar 
!Kl automaton?" 

Jool Spoisk 1 / 



* GUI Tcslrg 

■ Un l Tea:irg 

■ Rcigne^er Testing 

* Funcboral Testing 

* LoadTe^tng 

■ Distributed Tesling 
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* Dais-Driven Tes:irg 

* Obje^t-Drivc-n Testing 



Performance and Memory 
Profiling 



AQtime 

■ Manag ec/U nma naqed Applications 

* Performance Analysis 

■ Test CovEF-age 

* Memory Analysis 

■ LinE-eve Precise 

■ Microsoft Visual Studio NET 
Integration 
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Issue Trading and Project 

Managnient 



AQdevTeam 



* Configurable Workfows 

* ConfigurablE Fields 
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* Scriptab e Mac r as 
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■ Web interface 
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Build Automation and Masse 
Managneat 



Automated 
Build Studio 

* V:5ual Macro Builder 

* Exlensiale Actions 

* Sshedu ec Eu Ids 

* Tesl Integration 

* ssue Track, ng Integration 

* Mit'osofi Visual Stjd-a NET 
n:egnatar 
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AWMtP 







HutoTTiatedOfl 

www, autom ated qa ,com 



(702)891-9424 

AIIAulcmat«KSApfoducls Indudaa 60 day merwy-haefc guarantee 



You know Windows. 
You know you need MSI. 










Build on what you know. 

InstallAnywhere 



Create 100% pure MSI installers 
without proprietary scripting 

Flexible, high-performance 
Windows Installer authoring 

Optimized for enterprise deploy- 
ment and server installations 

Superior support for 
advanced Windows and ,NET 
applications 



Download today at ZeroG.com 
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